Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":547,"type":"x","order":1,"pct":78.48,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.88,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.34,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryimportantred hat enterprise linux

Red Hat Enterprise Linux 8.2 RHSA-2022:0291-01 Important: Parfait Log4j RCE

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: parfait:0.5 security update Advisory ID: RHSA-2022:0291-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0291 Issue date: 2022-01-26 CVE Names: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ==================================================================== 1. Summary: An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - noarch 3. Description: Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot (PCP) using the Memory Mapped Value (MMV) machinery for extremely lightweight instrumentation. Security Fix(es): * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j: Remote code execution in Log4j 1.x when applicationis configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.2): Source: parfait-0.5.4-4.module+el8.2.0+13999+fa2fb353.src.rpm si-units-0.6.5-2.module+el8+2463+615f6896.src.rpm unit-api-1.0-5.module+el8+2463+615f6896.src.rpm uom-lib-1.0.1-6.module+el8+2463+615f6896.src.rpm uom-parent-1.0.3-3.module+el8+2463+615f6896.src.rpm uom-se-1.0.4-3.module+el8+2463+615f6896.src.rpm uom-systems-0.7-1.module+el8+2463+615f6896.src.rpm noarch: parfait-0.5.4-4.module+el8.2.0+13999+fa2fb353.noarch.rpm parfait-examples-0.5.4-4.module+el8.2.0+13999+fa2fb353.noarch.rpm parfait-javadoc-0.5.4-4.module+el8.2.0+13999+fa2fb353.noarch.rpm pcp-parfait-agent-0.5.4-4.module+el8.2.0+13999+fa2fb353.noarch.rpm si-units-0.6.5-2.module+el8+2463+615f6896.noarch.rpm si-units-javadoc-0.6.5-2.module+el8+2463+615f6896.noarch.rpm unit-api-1.0-5.module+el8+2463+615f6896.noarch.rpm unit-api-javadoc-1.0-5.module+el8+2463+615f6896.noarch.rpm uom-lib-1.0.1-6.module+el8+2463+615f6896.noarch.rpm uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896.noarch.rpm uom-parent-1.0.3-3.module+el8+2463+615f6896.noarch.rpm uom-se-1.0.4-3.module+el8+2463+615f6896.noarch.rpm uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896.noarch.rpm uom-systems-0.7-1.module+el8+2463+615f6896.noarch.rpm uom-systems-javadoc-0.7-1.module+el8+2463+615f6896.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYfGCstzjgjWX9erEAQiUxw//S5hSjsz3pQC3KoSelkCnB+ypLxHtPi5w xkOYSwGjYdEEvd3aiG481BNAdJnA49YlhzG4oeXF/R6hkOPIrmOnEjImuV1izeTf Xj2mYiVTe0G0I6sjmELj8nLtkEN/ZxQ6BodmVXvP8daup8WkS3nbPMev7yfh+hWV F5RMfngonWLDbg8CM/OHmuRiUz5mx4PbdvEsTYH0xDYMrNY3Qa3In7Dhjrb76cS+ e/EKwUc53Cdvugbm64f5u8Y02qQB4m8eBwPP9wx0DfUfhLSOD/GXRefnY+npjBj5 C/Wfcc8mD5Jg8Vnr/wm3M3jNaANzFN+SQ8w4hVTElPtRzHseQ+y31CumCYLrbsDP 8QPQisamigD5owzGHasy9Dk6abe7qt635ErU9XCBVR7QEYK/HfKSc0VeuUR2TOTd h/yE8WU9TvUPFlavdo0l0PYq8NMkLmR1HhuW9URSoiIwC3q791p3QxLShEbvxH2+ UxIJWOufMX98m2Saaye//9G68iQgjUd8FRaV7Z2La7qVgG9o9/ZtnjuAEaJbW5fi wXSS74Ex8AAMQ1KPpO8U6HzVU91O8Z1WnoxVKvbxIbRDVFRpM2G38O8G5oHzAdZ3 5yqfYgkIM5xCv9Odcoe/e/HxCZYp2q+di9K1mQceTRaOc/WvIG3QC7V61FDAwPbY dbOVG0oan7U=6pMI -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Crucial safety enhancement for Red Hat's parfait:0.5 component, tackling several significant security flaws.. Red Hat Security Advisory, Parfait Module Update, Log4j Security Issues. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jan 26, 2022 Important Red Hat
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoramoderate risk

Fedora 36: FEDORA-2023-739c8d3c87 Moderate: Jython Log4j Issue

Update to newer version of arara with newer log4j. Severity is low because exploiting this locally would be challenging.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-639b9d2b85 2022-01-20 14:51:14.480785 --------------------------------------------------------------------------------Name : texlive-base Product : Fedora 35 Version : 20210325 Release : 44.fc35 URL : https://tug.org/texlive/ Summary : TeX formatting system Description : The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font libraries. The distribution includes extensive general documentation about TeX, as well as the documentation for the included software packages. --------------------------------------------------------------------------------Update Information: Update to newer version of arara with newer log4j. Severity is low because exploiting this locally would be challenging. --------------------------------------------------------------------------------ChangeLog: * Tue Jan 11 2022 Tom Callaway - 9:20210325-44 - update arara to address log4j CVEs * Wed Dec 15 2021 Tom Callaway - 9:20210325-43 - rework the font map trigger logic * Mon Aug 16 2021 Stephen Gallagher - 9:20210325-41 - Rebuild for libpoppler soname bump --------------------------------------------------------------------------------References: [ 1 ] Bug #2039492 - arara embeds a vulnerable version of log4j https://bugzilla.redhat.com/show_bug.cgi?id=2039492 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-639b9d2b85' at the command line. For moreinformation, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Ubuntu Security Update for texlive-base focuses on patching arara's log4j security flaws. Local exploitation remains a complex task.. texlive-base, arara, log4j, fedora security, patch update. . LinuxSecurity.com Team

Calendar 2 Jan 20, 2022 Fedora
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":547,"type":"x","order":1,"pct":78.48,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.88,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.34,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here