Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Mageia 9: python-flask-cors High Access Control Issues MGASA-2025-0286

MGASA-2025-0286 - Updated python-flask-cors packages fix security vulnerabilities

Publication date: 13 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0286.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-1681, CVE-2024-6221, CVE-2024-6839, CVE-2024-6844, CVE-2024-6866

Description:

Log Injection Vulnerability in corydolphin/flask-cors. (CVE-2024-1681)
Improper Access Control in corydolphin/flask-cors. (CVE-2024-6221)
Improper Regex Path Matching in corydolphin/flask-cors. (CVE-2024-6839)
Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors. (CVE-2024-6844)
Case-Insensitive Path Matching in corydolphin/flask-cors. (CVE-2024-6866)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34424
- https://ubuntu.com/security/notices/USN-7612-1
- https://www.cve.org/CVERecord?id=CVE-2024-1681
- https://www.cve.org/CVERecord?id=CVE-2024-6221
- https://www.cve.org/CVERecord?id=CVE-2024-6839
- https://www.cve.org/CVERecord?id=CVE-2024-6844
- https://www.cve.org/CVERecord?id=CVE-2024-6866

SRPMS:
- 9/core/python-flask-cors-3.0.10-1.1.mga9

Published: Nov 13, 2025 | Severity: Important | Distribution: Mageia | Posted by: LinuxSecurity.com Team

Fedora 41: Critical Log Injection and DoS Risks in rubygem-rack 2.2.21

Update to Rack 2.2.21.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a35addbf9b
2025-11-13 01:22:15.119640+00:00
--------------------------------------------------------------------------------
Name        : rubygem-rack
Product     : Fedora 41
Version     : 2.2.21
Release     : 1.fc41
URL         : https://rack.github.io/
Summary     : A modular Ruby webserver interface
Description :
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
--------------------------------------------------------------------------------
Update Information:

Update to Rack 2.2.21
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 4 2025 Vít Ondruch - 1:2.2.21-1
- Update to Rack 2.2.21
- CVE-2025-25184: Possible Log Injection in Rack::CommonLogger
  Resolves: rhbz#2345712
- CVE-2025-27111: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
  Resolves: rhbz#2349978
- CVE-2025-27610: Local File Inclusion in Rack::Static
  Resolves: rhbz#2351278
- CVE-2025-46727: Unbounded-Parameter DoS in Rack::QueryParser
  Resolves: rhbz#2364999
- CVE-2025-32441: Rack Session Reuse Vulnerability
  Resolves: rhbz#2365052
- CVE-2025-59830: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
  Resolves: rhbz#2402987
- CVE-2025-61919: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
  Resolves: rhbz#2403524
- CVE-2025-61780: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
  Resolves: rhbz#2403529
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2164714 - CVE-2022-44571 rubygem-rack: denial of service in Content-Disposition parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2164714
[ 2 ] Bug #2164719 - CVE-2022-44570 rubygem-rack: denial of service in Content-Disposition parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2164719
[ 3 ] Bug #2164722 - CVE-2022-44572 rubygem-rack: denial of service in Content-Disposition parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2164722
[ 4 ] Bug #2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2176477
[ 5 ] Bug #2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2179649
[ 6 ] Bug #2265593 - CVE-2024-25126 rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2265593
[ 7 ] Bug #2265594 - CVE-2024-26141 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack
      https://bugzilla.redhat.com/show_bug.cgi?id=2265594
[ 8 ] Bug #2265595 - CVE-2024-26146 rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2265595
[ 9 ] Bug #2345301 - CVE-2025-25184 rubygem-rack: Possible Log Injection in Rack::CommonLogger
      https://bugzilla.redhat.com/show_bug.cgi?id=2345301
[ 10 ] Bug #2349810 - CVE-2025-27111 rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
      https://bugzilla.redhat.com/show_bug.cgi?id=2349810
[ 11 ] Bug #2351231 - CVE-2025-27610 rack: rubygem-rack: Local File Inclusion in Rack::Static
      https://bugzilla.redhat.com/show_bug.cgi?id=2351231
[ 12 ] Bug #2364965 - CVE-2025-32441 rack: Rack Session Reuse Vulnerability
      https://bugzilla.redhat.com/show_bug.cgi?id=2364965
[ 13 ] Bug #2364966 - CVE-2025-46727 rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
      https://bugzilla.redhat.com/show_bug.cgi?id=2364966
[ 14 ] Bug #2398167 - CVE-2025-59830 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
      https://bugzilla.redhat.com/show_bug.cgi?id=2398167
[ 15 ] Bug #2402174 - CVE-2025-61770 rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
      https://bugzilla.redhat.com/show_bug.cgi?id=2402174
[ 16 ] Bug #2402175 - CVE-2025-61771 rack: Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
      https://bugzilla.redhat.com/show_bug.cgi?id=2402175
[ 17 ] Bug #2402200 - CVE-2025-61772 rack: Rack memory exhaustion denial of service
      https://bugzilla.redhat.com/show_bug.cgi?id=2402200
[ 18 ] Bug #2403126 - CVE-2025-61780 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
      https://bugzilla.redhat.com/show_bug.cgi?id=2403126
[ 19 ] Bug #2403180 - CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
      https://bugzilla.redhat.com/show_bug.cgi?id=2403180
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a35addbf9b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Published: Nov 13, 2025 | Severity: Important | Distribution: Fedora | Posted by: LinuxSecurity.com Team

openSUSE: python-Django Moderate Log Injection Advisory 2025:0198-1

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0198-1
Rating:             moderate
References:         #1244095
Cross-References:   CVE-2025-48432
CVSS scores:        CVE-2025-48432 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N
Affected Products:  openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Django fixes the following issues:

- CVE-2025-48432: Fixed potential log injection via unescaped request path (boo#1244095).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2025-198=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):
  python3-Django-2.2.28-bp156.12.1

References:
https://www.suse.com/security/cve/CVE-2025-48432.html
https://bugzilla.suse.com/1244095

Published: Jul 27, 2025 | Severity: Moderate | Distribution: openSUSE | Posted by: LinuxSecurity.com Team

Mageia 9: 2025-0193 critical: python-django log injection issue

MGASA-2025-0193 - Updated python-django packages fix security vulnerability

Publication date: 25 Jun 2025
URL: https://advisories.mageia.org/MGASA-2025-0193.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-48432

Description:

Potential log injection via unescaped request path. (CVE-2025-48432)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34348
- https://www.openwall.com/lists/oss-security/2025/06/04/5
- https://www.openwall.com/lists/oss-security/2025/06/10/2
- https://ubuntu.com/security/notices/USN-7555-1
- https://lists.fedoraproject.org/archives/list/[list address obscured on the source page]/message/LVFOPDCA45B4XTMYRHQUSJ7JCA56453W/
- https://www.cve.org/CVERecord?id=CVE-2025-48432

SRPMS:
- 9/core/python-django-4.1.13-1.5.mga9

Published: Jun 25, 2025 | Severity: Critical | Distribution: Mageia | Posted by: LinuxSecurity.com Team

Fedora 42 FEDORA-2025-ad58eb378b critical: python-django5 DoS risks

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ad58eb378b
2025-06-19 01:56:35.684098+00:00
--------------------------------------------------------------------------------
Name        : python-django5
Product     : Fedora 42
Version     : 5.2.2
Release     : 1.fc42
URL         : https://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 9 2025 Michel Lind - 5.2.2-1
- Update to 5.2.2
- Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
- Fixes CVE-2025-48432: Potential log injection via unescaped request path
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2365047 - CVE-2025-32873 python-django5: Django StripTags Denial of Service [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2365047
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ad58eb378b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Published: Jun 19, 2025 | Severity: Critical | Distribution: Fedora | Posted by: LinuxSecurity.com Team

Fedora 41: FEDORA-2025-2dff80a8a3 critical: python-django5 denial service

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2dff80a8a3
2025-06-19 01:20:13.177257+00:00
--------------------------------------------------------------------------------
Name        : python-django5
Product     : Fedora 41
Version     : 5.1.10
Release     : 1.fc41
URL         : https://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 9 2025 Michel Lind - 5.1.10-1
- Update to 5.1.10
- Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
- Fixes CVE-2025-48432: Potential log injection via unescaped request path
* Fri Apr 4 2025 Michel Lind - 5.1.8-1
- Update to 5.1.8
- On Windows, this fixes CVE-2025-27556. Mentioning for completeness
- Fixes a regression in Django 5.1.7 affecting LogEntryManager.log_actions() - #36234
- Remove legacy symlinks
* Wed Mar 19 2025 Tomáš Hrnčiar - 5.1.7-2
- Adjust patch to allow setuptools

Published: Jun 19, 2025 | Severity: Critical | Distribution: Fedora | Posted by: LinuxSecurity.com Team

Fedora 42: FEDORA-2025-6de2ab1d25 Critical python-django DoS Threats

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6de2ab1d25
2025-06-18 14:42:09.231422+00:00
--------------------------------------------------------------------------------
Name        : python-django4.2
Product     : Fedora 42
Version     : 4.2.22
Release     : 1.fc42
URL         : https://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 8 2025 Michel Lind - 4.2.22-1
- Update to version 4.2.22
- Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
- Fixes CVE-2025-48432: Potential log injection via unescaped request path
- Revert setuptools bump; we don't need it and don't have the needed version
- Rebase Python 3.13 patch
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2365046 - CVE-2025-32873 python-django4.2: Django StripTags Denial of Service [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2365046
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6de2ab1d25' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Published: Jun 18, 2025 | Severity: Critical | Distribution: Fedora | Posted by: LinuxSecurity.com Team

Ubuntu 20.04 LTS USN-7555-3: Django Log Injection Risk Identified

==========================================================================
Ubuntu Security Notice USN-7555-3
June 17, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Django could be made to log injection if received specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-7555-1 fixed a vulnerability in Django. This update provides an additional fix for Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  python3-django                  2:2.2.12-1ubuntu0.29+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7555-3
  https://ubuntu.com/security/notices/USN-7555-2
  https://ubuntu.com/security/notices/USN-7555-1
  https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/2113924

Published: Jun 17, 2025 | Severity: Important | Distribution: Ubuntu | Posted by: LinuxSecurity.com Team