Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Debian 11 DLA-4056-1: golang-glog Link Risk, Moderate Severity

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4056-1
https://www.debian.org/lts/security/
Andrej Shadura
February 17, 2025
https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : golang-glog
Version : 0.0~git20160126.23def4e-3+deb11u1
CVE ID : CVE-2024-45339

The following vulnerability has been discovered in the glog package for Go:

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

For Debian 11 bullseye, this problem has been fixed in version 0.0~git20160126.23def4e-3+deb11u1.

The following Go packages have been rebuilt in order to fix this issue:

docker.io 20.10.5+dfsg1-1+deb11u4
golang-grpc-gateway 1.6.4-2+deb11u1
mtail 3.0.0~rc43-3+deb11u1
prometheus-mongodb-exporter 1.0.0+git20180522.e755a44-3+deb11u1

We recommend that you upgrade these packages.

For the detailed security status of golang-glog please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/golang-glog

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
The latest Debian LTS Advisory DLA-4056-1 addresses important updates for the golang-glog library, responding to a recently identified security flaw.
Tags: Debian LTS, golang-glog, log file, package update, security threat.
LinuxSecurity.com Team

Feb 17, 2025 | Debian LTS

openSUSE: 2024:0227-1 Moderate: gh Security Fix for Sensitive Logs

openSUSE Security Update: Security update for gh
______________________________________________________________________________

Announcement ID: openSUSE-SU-2024:0227-1
Rating: moderate
References: #1227035
Cross-References: CVE-2024-6104
CVSS scores:
CVE-2024-6104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2024-6104 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products: openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gh fixes the following issues:

Update to version 2.53.0:

* CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035)
* Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928
* Rename package directory and files
* Rename package name to `update_branch`
* Rename `gh pr update` to `gh pr update-branch`
* Add test case for merge conflict error
* Handle merge conflict error
* Return error if PR is not mergeable
* Replace literals with consts for `Mergeable` field values
* Add separate type for `PullRequest.Mergeable` field
* Remove unused flag
* Print message on stdout instead of stderr
* Raise error if editor is used in non-tty mode
* Add tests for JSON field support on issue and pr view commands
* docs: Update documentation for `gh repo create` to clarify owner
* Ensure PR does not panic when stateReason is requested
* Add `createdAt` field to tests
* Add `createdAt` field to `Variable` type
* Add test for exporting as JSON
* Add test for JSON output
* Only populate selected repo information for JSON output
* Add test to verify JSON exporter gets set
* Add `--json` option support
* Use `Variable` type defined in `shared` package
* Add tests for JSON output
* Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared
* Fix query parameter name
* Update tests to account for ref comparison step
* Improve query variable names
* Check if PR branch is already up-to-date
* Add `ComparePullRequestBaseBranchWith` function
* Run `go mod tidy`
* Add test to verify `--repo` requires non-empty selector
* Require non-empty selector when `--repo` override is used
* Run `go mod tidy`
* Register `update` command
* Add tests for `pr update` command
* Add `pr update` command
* Add `UpdatePullRequestBranch` method
* Upgrade `shurcooL/githubv4`

Update to version 2.52.0:

* Attestation Verification - Buffer Fix
* Remove beta note from attestation top level command
* Removed beta note from `gh at download`.
* Removed beta note from `gh at verify`, clarified reusable workflows use case.
* add `-a` flag to `gh run list`

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-227=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): gh-2.53.0-bp155.2.12.1
- openSUSE Backports SLE-15-SP5 (noarch): gh-bash-completion-2.53.0-bp155.2.12.1 gh-fish-completion-2.53.0-bp155.2.12.1 gh-zsh-completion-2.53.0-bp155.2.12.1

References:

https://www.suse.com/security/cve/CVE-2024-6104.html
https://bugzilla.suse.com/1227035

openSUSE has released a Security Update for gh that addresses the vulnerability by upgrading the package to a fixed version.
Tags: openSUSE Security Update, gh security update, sensitive information log, security fix update.
LinuxSecurity.com Team

Jul 27, 2024 | openSUSE

Fedora 34: 2021-54a73a7112 Critical: Dogtag PKI Admin Credential Exposure

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-54a73a7112
2021-06-18 01:07:19.135549
--------------------------------------------------------------------------------

Name : dogtag-pki
Product : Fedora 34
Version : 10.10.6
Release : 1.fc34
URL : https://www.dogtagpki.org
Summary : Dogtag PKI Package
Description :
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components:

* Automatic Certificate Management Environment (ACME) Responder
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
--------------------------------------------------------------------------------
Update Information:

[Bug 1967401](https://bugzilla.redhat.com/show_bug.cgi?id=1967401) - [CVE-2021-3551](https://access.redhat.com/security/cve/CVE-2021-3551) pki-core: pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 9 2021 Dogtag PKI Team - 10.10.6-1
- Rebase to PKI 10.10.6
- CVE-2021-3551 Fix pkispawn logging admin credentials
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1967401 - CVE-2021-3551 pki-core: pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1967401
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-54a73a7112' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

This Fedora notice addresses a flaw in which the Dogtag PKI installer "pkispawn" wrote admin credentials into a world-readable log file.
Tags: Dogtag PKI, Admin Credential Exposure, Fedora Advisory, Security Update.
Severity: Critical.
LinuxSecurity.com Team

Jun 17, 2021 | Critical | Fedora

SUSE: 2018:2038-1 moderate: rsyslog log file permissions

SUSE Security Update: Security update for rsyslog
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2038-1
Rating: moderate
References: #935393
Cross-References: CVE-2015-3243
Affected Products:
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rsyslog fixes the following issues:

The following security vulnerability was addressed:

CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1375=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1375=1
- SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
rsyslog-8.24.0-3.3.1
rsyslog-debuginfo-8.24.0-3.3.1
rsyslog-debugsource-8.24.0-3.3.1
rsyslog-diag-tools-8.24.0-3.3.1
rsyslog-diag-tools-debuginfo-8.24.0-3.3.1
rsyslog-doc-8.24.0-3.3.1
rsyslog-module-gssapi-8.24.0-3.3.1
rsyslog-module-gssapi-debuginfo-8.24.0-3.3.1
rsyslog-module-gtls-8.24.0-3.3.1
rsyslog-module-gtls-debuginfo-8.24.0-3.3.1
rsyslog-module-mysql-8.24.0-3.3.1
rsyslog-module-mysql-debuginfo-8.24.0-3.3.1
rsyslog-module-pgsql-8.24.0-3.3.1
rsyslog-module-pgsql-debuginfo-8.24.0-3.3.1
rsyslog-module-relp-8.24.0-3.3.1
rsyslog-module-relp-debuginfo-8.24.0-3.3.1
rsyslog-module-snmp-8.24.0-3.3.1
rsyslog-module-snmp-debuginfo-8.24.0-3.3.1
rsyslog-module-udpspoof-8.24.0-3.3.1
rsyslog-module-udpspoof-debuginfo-8.24.0-3.3.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
rsyslog-8.24.0-3.3.1
rsyslog-debuginfo-8.24.0-3.3.1
rsyslog-debugsource-8.24.0-3.3.1

- SUSE CaaS Platform ALL (x86_64):
rsyslog-8.24.0-3.3.1
rsyslog-debuginfo-8.24.0-3.3.1
rsyslog-debugsource-8.24.0-3.3.1

References:

https://www.suse.com/security/cve/CVE-2015-3243.html
https://bugzilla.suse.com/935393

Boost security by applying the latest SUSE patch for rsyslog, focusing on log file permission enhancement. Risk level: moderate. Detailed guidance provided.
Tags: rsyslog Security, SUSE Linux, Log File Permissions, Software Updates.
LinuxSecurity.com Team

Jul 23, 2018 | SuSE
