
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 11 DLA-4056-1: golang-glog Link Risk, Moderate Severity

Debian LTS Advisory DLA-4056-1
https://www.debian.org/lts/security/
Andrej Shadura
February 17, 2025
https://wiki.debian.org/LTS

Package : golang-glog
Version : 0.0~git20160126.23def4e-3+deb11u1
CVE ID : CVE-2024-45339

The following vulnerability has been discovered in the glog package for Go:

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

For Debian 11 bullseye, this problem has been fixed in version 0.0~git20160126.23def4e-3+deb11u1.

The following Go packages have been rebuilt in order to fix this issue:

docker.io 20.10.5+dfsg1-1+deb11u4
golang-grpc-gateway 1.6.4-2+deb11u1
mtail 3.0.0~rc43-3+deb11u1
prometheus-mongodb-exporter 1.0.0+git20180522.e755a44-3+deb11u1

We recommend that you upgrade these packages.

For the detailed security status of golang-glog please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/golang-glog

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
The latest Debian LTS Advisory DLA-4056-1 addresses important updates for the golang-glog library, responding to a recently identified security flaw. LinuxSecurity.com Team

Feb 17, 2025 Debian LTS

Fedora 27: Security Update for Keycloak-Httpd-Client-Install - Log Risk

Fedora Update Notification
FEDORA-2018-2299cfb708
2018-01-18 21:29:58.585847

Name : keycloak-httpd-client-install
Product : Fedora 27
Version : 0.8
Release : 1.fc27
URL : https://github.com/jdennis/keycloak-httpd-client-install
Summary : Tools to configure Apache HTTPD as Keycloak client
Description : Keycloak is a federated Identity Provider (IdP). Apache HTTPD supports a variety of authentication modules which can be configured to utilize a Keycloak IdP to perform authentication. This package contains libraries and tools which can automate and simplify configuring an Apache HTTPD authentication module and registering as a client of a Keycloak IdP.

Update Information:

Security fix for CVE-2017-15111, CVE-2017-15112

Two minor security issues were discovered and were assigned CVEs. CVE-2017-15112 concerns the ability to pass a password on the command line where it could be exposed. That option has been deprecated. See the man page for multiple ways to pass the password. CVE-2017-15111 corrects the default location of a log file when running the low level utilities directly; it had placed the log file in /tmp, where a symbolic link could be created pointing to another file. The risk with CVE-2017-15111 is very low as this feature is seldom used; it's mostly for developers.

References:

[ 1 ] Bug #1511626 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line
https://bugzilla.redhat.com/show_bug.cgi?id=1511626
[ 2 ] Bug #1511623 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py
https://bugzilla.redhat.com/show_bug.cgi?id=1511623

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade keycloak-httpd-client-install' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

A security update for Fedora 27's keycloak-httpd-client-install tackles vulnerabilities related to command line and log file accessibility. Severity: Important. LinuxSecurity.com Team

Jan 18, 2018 Important Fedora
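Both advisories above (CVE-2024-45339 in glog and CVE-2017-15111 in keycloak-httpd-client-install) come down to a log file opened at a predictable path in a directory other users can write to. The following is an added example, not code from glog, Debian or Fedora: it contrasts a create-or-truncate open with an exclusive create, using a private temporary directory as a stand-in for the shared one. The helper names `openNaive`, `openExclusive` and `demo` and the log file name are hypothetical, and where glog's fix exits with status 2, this sketch returns the error to the caller.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// openNaive: create-or-truncate. If path is a planted symlink, the kernel
// follows it and truncates whatever it points to.
func openNaive(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
}

// openExclusive: O_CREATE|O_EXCL fails with EEXIST if anything already sits at
// path, including a symlink (even a dangling one), so nothing is followed.
func openExclusive(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
}

// demo pre-creates a symlink at the log path, calls open on it, and reports
// the protected file's final content and whether the open was refused.
func demo(open func(string) (*os.File, error)) (content string, refused bool, err error) {
	dir, err := os.MkdirTemp("", "logdemo") // constructed stand-in for a shared dir
	if err != nil {
		return "", false, err
	}
	defer os.RemoveAll(dir)
	sensitive := filepath.Join(dir, "sensitive.conf") // constructed sample file
	if err = os.WriteFile(sensitive, []byte("keep-me\n"), 0o600); err != nil {
		return "", false, err
	}
	logPath := filepath.Join(dir, "app.log.INFO") // constructed, predictable name
	if err = os.Symlink(sensitive, logPath); err != nil {
		return "", false, err
	}
	f, openErr := open(logPath)
	if openErr == nil {
		fmt.Fprintln(f, "log line")
		f.Close()
	}
	data, err := os.ReadFile(sensitive)
	return string(data), errors.Is(openErr, os.ErrExist), err
}

func main() {
	c, r, err := demo(openNaive)
	fmt.Printf("naive:     refused=%v err=%v sensitive=%q\n", r, err, c)
	c, r, err = demo(openExclusive)
	fmt.Printf("exclusive: refused=%v err=%v sensitive=%q\n", r, err, c)
}
```

Exclusive creation only closes the pre-created-path case; moving logs to a directory writable only by the service account, as the keycloak-httpd-client-install update does by changing the default location, removes the shared directory from the picture.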