
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA 202311-01 Critical: Maildrop Remote Code Execution

Insecure permission handling in maildrop might allow local attackers to elevate their privileges.

------------------------------------------------------------------------
Gentoo Linux Security Advisory                           GLSA 201009-02
------------------------------------------------------------------------
                                            https://security.gentoo.org/
------------------------------------------------------------------------

  Severity: High
     Title: Maildrop: privilege escalation
      Date: September 06, 2010
      Bugs: #308043
        ID: 201009-02

------------------------------------------------------------------------

Synopsis
========

Insecure permission handling in maildrop might allow local attackers to elevate their privileges.

Background
==========

maildrop is the mail filter/mail delivery agent that is used by the Courier Mail Server.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  mail-filter/maildrop       < 2.4.2                      >= 2.4.2

Description
===========

Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root.

Impact
======

A local attacker could create a specially crafted .mailfilter file, possibly leading to the execution of arbitrary commands with the "root" group privileges.

NOTE: Successful exploitation requires that maildrop is run as root with the -d option.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All maildrop users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/maildrop-2.4.2"

References
==========

[ 1 ] CVE-2010-0301
      https://www.cve.org/CVERecord?id=CVE-2010-0301

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201009-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address obscured] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

The Debian security advisory DSA 2021-05 details a critical vulnerability in Dovecot, which permits unauthorized access to sensitive user data.

Maildrop Privilege Escalation, Gentoo Security Advisory, Local Attack.

Severity: Important. LinuxSecurity.com Team

Sep 06, 2010 | Important | Gentoo

Debian: DSA-1981-2 Critical: Maildrop Privilege Escalation Issue

The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package.

------------------------------------------------------------------------
Debian Security Advisory DSA-1981-2            [email address obscured]
http://www.debian.org/security/                           Steffen Joeris
January 28, 2010                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : maildrop
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-0301
Debian Bug     : 564601

The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package.

For the stable distribution (lenny), this problem has been fixed in version 2.0.4-3+lenny3.

For the oldstable distribution (etch), this problem has been fixed in version 2.0.2-11+etch2.

For the testing distribution (squeeze) this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.2.0-3.1.

For reference, the original advisory text is below.

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges.

We recommend that you upgrade your maildrop packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obscured]
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

The recent updates to Debian's maildrop packages tackle significant issues related to operation and access control.

maildrop regression fix, Debian DSA 1981-2, privilege escalation, package update.

Severity: Critical. LinuxSecurity.com Team

Jan 28, 2010 | Critical | Debian

Debian: DSA-1981-1 Moderate: Maildrop Privilege Escalation Issue

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges.

------------------------------------------------------------------------
Debian Security Advisory DSA-1981-1            [email address obscured]
http://www.debian.org/security/                           Steffen Joeris
January 28, 2010                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : maildrop
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id         : No CVE id yet
Debian Bug     : 564601

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges.

For the stable distribution (lenny), this problem has been fixed in version 2.0.4-3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in version 2.0.2-11+etch1.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your maildrop packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obscured]
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Debian DSA-1982-1 addresses a Systemd package vulnerability to mitigate potential information disclosure threats to the infrastructure.

Maildrop Privilege Escalation Fix, Debian Security Advisory, Mail Delivery Agent.

Severity: Important. LinuxSecurity.com Team

Jan 28, 2010 | Important | Debian

Debian Sarge: DSA 791-1 Critical Maildrop Local Command Execution

Updated package.

--------------------------------------------------------------------------
Debian Security Advisory DSA 791-1             [email address obscured]
http://www.debian.org/security/                           Martin Schulze
August 30th, 2005                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : maildrop
Vulnerability  : missing privilege release
Problem-Type   : local
Debian-specific: yes
CVE ID         : CAN-2005-2655
Debian Bug     : 325135

Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands with group mail privileges.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 1.5.3-1.1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.5.3-2.

We recommend that you upgrade your maildrop package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obscured]

The recent update to the maildrop package in Debian fixes privilege escalation problems, mitigating risks associated with potential command injection exploits.

maildrop Security, Debian Updates, Privilege Escalation.

Severity: Critical. LinuxSecurity.com Team

Aug 30, 2005 | Critical | Debian