MGASA-2021-0494 - Updated cloud-init packages fix security vulnerability

Publication date: 29 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0494.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3429

cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as:

    chpasswd:
      list: |
        user1:RANDOM

When instructing cloud-init to set a random password for a new user account, versions before 21.1.19 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user (CVE-2021-3429).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28991
- https://lists.debian.org/debian-lts-announce/2021/03/msg00025.html
- https://github.com/canonical/cloud-init/releases/tag/21.2
- https://www.cve.org/CVERecord?id=CVE-2021-3429

SRPMS:
- 8/core/cloud-init-20.2-2.1.mga8

Severity: Critical. LinuxSecurity.com Team
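The advisory describes two conditions that together make CVE-2021-3429 exploitable: the output log is world-readable, and it contains the user:password lines the chpasswd module printed. The audit below is an added example for this page, not cloud-init's own code. It assumes the affected module wrote the banner "Set the following 'random' passwords" followed by one user:password line per account (an assumption about the exact banner text); the sample log is constructed.

```python
"""Audit a cloud-init output log for cleartext passwords left by chpasswd.

Added example for this advisory; not cloud-init's own code. Assumes the
affected cc_set_passwords module printed the banner below followed by one
user:password line per account into /var/log/cloud-init-output.log.
"""
import os
import re
import stat
import tempfile
from typing import Dict, List, Tuple

BANNER = "Set the following 'random' passwords"  # assumed banner text
# A chpasswd-style line: a login name, a colon, a password without spaces.
_CRED_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9._-]*):(\S+)$")


def is_world_readable(mode: int) -> bool:
    """True if the 'other' read bit is set, e.g. for the usual 0o644 log mode."""
    return bool(mode & stat.S_IROTH)


def find_leaked_passwords(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (user, password) pairs printed after the chpasswd banner.

    The credential block ends at the first line that is not user:password,
    so ordinary log lines such as 'ci-info: ...' are not reported.
    """
    leaks: List[Tuple[str, str]] = []
    in_block = False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if BANNER in line:
            in_block = True
            continue
        if not in_block:
            continue
        m = _CRED_RE.match(line)
        if m:
            leaks.append((m.group(1), m.group(2)))
        else:
            in_block = False
    return leaks


def audit_log(path: str) -> Dict[str, object]:
    """Combine the permission check and the content scan for one log file."""
    mode = os.stat(path).st_mode
    with open(path, encoding="utf-8", errors="replace") as fh:
        leaks = find_leaked_passwords(fh.readlines())
    readable = is_world_readable(mode)
    return {
        "world_readable": readable,
        "leaked_users": [user for user, _ in leaks],
        # exploitable by any local user only if both conditions hold
        "vulnerable": readable and bool(leaks),
    }


# Constructed sample of what the affected module wrote to the output log.
SAMPLE_LOG = """\
Cloud-init v. 20.2 running 'modules:config' at Fri, 29 Oct 2021 10:00:00 +0000.
Set the following 'random' passwords
user1:hXk9Qp3LwZ2m
deploy:Rt7vBn4sYq1e
ci-info: no authorized SSH keys fingerprints found for user user1.
Cloud-init v. 20.2 finished at Fri, 29 Oct 2021 10:00:05 +0000.
"""


def demo() -> Dict[str, object]:
    """Write the sample log with the default 0o644 mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cloud-init-output.log")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_LOG)
        os.chmod(path, 0o644)
        return audit_log(path)


if __name__ == "__main__":
    print(demo())
```

On a real host, run audit_log("/var/log/cloud-init-output.log") as root. Every user it lists needs a new password: upgrading to the fixed package stops future writes but does not scrub the existing log, so also truncate or restrict the file after the rotation.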
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-2b8ef08c95
2019-08-26 00:51:36.378012
--------------------------------------------------------------------------------
Name        : kubernetes
Product     : Fedora 30
Version     : 1.15.2
Release     : 1.fc30
URL         : https://kubernetes.io/docs/home/
Summary     : Container cluster management
Description : Container cluster management
--------------------------------------------------------------------------------
Update Information:

Update to v1.15.2 + carry upstream #81330
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 15 2019 Jan Chaloupka - 1.15.2-1
- Update to v1.15.2 (CVE-2019-11250 kubernetes: Bearer tokens written to logs at high verbosity levels (>= 7))
  resolves: #1740435
* Thu Jul 25 2019 Fedora Release Engineering - 1.13.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Apr 11 2019 Jan Chaloupka - 1.13.5-1
- Update to v1.13.5 (CVE-2019-1002101 - Mishandling of symlinks allows for arbitrary file write via `kubectl cp`)
  resolves: #1693884
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1740435 - CVE-2019-11250 kubernetes: Bearer tokens written to logs at high verbosity levels (>= 7) [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1740435
[ 2 ] Bug #1738369 - CVE-2019-11248 kubernetes: /debug/pprof endpoint exposed on kubelet's healthz port [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1738369
[ 3 ] Bug #1737652 - CVE-2019-11249 kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1737652
[ 4 ] Bug #1737646 - CVE-2019-11247 kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1737646
[ 5 ] Bug #1722684 - CVE-2019-11246 kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1722684
[ 6 ] Bug #1722682 - CVE-2019-11246 kubernetes:1.10/kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1722682
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-2b8ef08c95' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
MGASA-2018-0433 - Updated mediawiki packages fix security vulnerabilities

Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0433.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-0503, CVE-2018-0504, CVE-2018-0505

Updated mediawiki packages fix security vulnerabilities:

'$wgRateLimits' entry for 'user' overrides 'newbie' (CVE-2018-0503).

When a log event is (partially) hidden, Special:Redirect/logid can link to the incorrect log and reveal hidden information (CVE-2018-0504).

BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23662
- https://lists.wikimedia.org/hyperkitty/list/
====================================================================
Red Hat Security Advisory

Synopsis:     Low: openstack-trove security update
Advisory ID:  RHSA-2014:1939-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2014:1939.html
Issue date:   2014-12-02
CVE Names:    CVE-2014-7230 CVE-2014-7231
====================================================================

1. Summary:

Updated openstack-trove packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Database (trove) is Database as a Service for OpenStack. It runs entirely on OpenStack, with the goal of allowing users to quickly and easily utilize the features of a database without the burden of handling complex administrative tasks. Cloud users and database administrators can provision and manage multiple database instances as needed.

It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords. (CVE-2014-7230, CVE-2014-7231)

The openstack-trove packages have been upgraded to upstream version 2014.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1149745)

All openstack-trove users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1147722 - CVE-2014-7230 CVE-2014-7231 OpenStack Cinder, Nova, Trove: potential leak of passwords into log files
1149745 - Rebase openstack-trove to 2014.1.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-trove-2014.1.3-1.el7ost.src.rpm

noarch:
openstack-trove-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-api-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-common-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-conductor-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-guestagent-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-taskmanager-2014.1.3-1.el7ost.noarch.rpm
python-trove-2014.1.3-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2014-7230
https://access.redhat.com/security/cve/CVE-2014-7231
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.

Severity: Low. LinuxSecurity.com Team
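Both the Trove issue above (CVE-2014-7230/7231: passwords in executed command lines reaching log files) and the Kubernetes entry earlier on this page (CVE-2019-11250: bearer tokens logged at verbosity 7 and above) are the same failure mode, credentials passing through a logging path with no scrubbing step. The code below is an added example showing the shape of such a step; it is not oslo's strutils.mask_password, Trove's processutils.execute, or any Kubernetes code, and all names, patterns and sample inputs are this example's own.

```python
"""Mask passwords and bearer tokens before they reach a log line.

Added example for the Trove (CVE-2014-7230/7231) and Kubernetes
(CVE-2019-11250) entries on this page. Not oslo's strutils.mask_password
and not Kubernetes' code; patterns and sample inputs are this example's own.
"""
import logging
import re
from typing import Any, Dict, List, Mapping

MASK = "***"
_KEYS = r"(?:password|passwd|pwd|secret|token|api[_-]?key)"

# key=value, key: value, "key": "value"; value ends at space, quote, , ; }
_KV_RE = re.compile(
    rf"""(?i)(["']?{_KEYS}["']?\s*[=:]\s*)(["']?)([^"'\s,;}}]+)(\2)"""
)
# CLI flag with a space-separated value: --password hunter2
_FLAG_RE = re.compile(rf"""(?i)(--{_KEYS}\s+)(["']?)([^\s"']+)(\2)""")
# HTTP bearer credential, as dumped from request headers at high verbosity
_BEARER_RE = re.compile(r"""(?i)(\bBearer\s+)([^\s"']+)""")


def mask_password(text: str) -> str:
    """Replace every credential value found in text with MASK.

    Over-masking is accepted: 'password: failed' also becomes 'password: ***'.
    """
    text = _BEARER_RE.sub(lambda m: m.group(1) + MASK, text)
    text = _KV_RE.sub(lambda m: m.group(1) + m.group(2) + MASK + m.group(4), text)
    text = _FLAG_RE.sub(lambda m: m.group(1) + m.group(2) + MASK + m.group(4), text)
    return text


def _is_secret_key(key: str) -> bool:
    k = key.lower().replace("-", "_")
    return any(s in k for s in (
        "password", "passwd", "pwd", "secret", "token", "api_key", "authorization"))


def mask_dict(data: Mapping[str, Any]) -> Dict[str, Any]:
    """Recursively mask secret-looking keys and scrub string values."""
    out: Dict[str, Any] = {}
    for key, value in data.items():
        if _is_secret_key(str(key)):
            out[key] = MASK
        elif isinstance(value, Mapping):
            out[key] = mask_dict(value)
        elif isinstance(value, str):
            out[key] = mask_password(value)
        else:
            out[key] = value
    return out


class MaskingFilter(logging.Filter):
    """Scrub the message and its arguments before any handler formats them."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask_password(str(record.msg))
        if isinstance(record.args, Mapping):
            record.args = mask_dict(record.args)
        elif record.args:
            record.args = tuple(
                mask_password(a) if isinstance(a, str) else a for a in record.args)
        return True


class _ListHandler(logging.Handler):
    """Collect formatted lines so the demo can return them instead of printing."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def demo_lines() -> List[str]:
    """Log two constructed messages shaped like the leaks on this page."""
    logger = logging.getLogger("example.masking")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(MaskingFilter())
    logger.debug("Running cmd (subprocess): %s",
                 "mysqladmin -u root --password=hunter2 ping")
    logger.debug("Request headers: %s", {"Authorization": "Bearer eyJhbGciOi.abc.def"})
    return handler.lines


if __name__ == "__main__":
    print("\n".join(demo_lines()))
```

The filter is attached to the logger rather than to one handler so that every sink, including a debug-level file handler enabled later, sees only the scrubbed record; a masker bolted onto a single formatter leaves other handlers exposed, which is the same class of gap the Trove fix closed.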