Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Mageia 9: 2024-0317 moderate: Python memory race, email header injection

MGASA-2024-0317 - Updated python3 packages fix security vulnerabilities

Publication date: 27 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0317.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-0397, CVE-2024-4032, CVE-2024-6923, CVE-2024-8088, CVE-2024-6232, CVE-2024-7592, CVE-2015-2104, CVE-2023-27043

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. (CVE-2024-0397)

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. (CVE-2024-4032)

The email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized. (CVE-2024-6923)

When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc.) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. (CVE-2024-8088)

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. (CVE-2024-6232)

When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. (CVE-2024-7592)

Urlparse insufficient validation leads to open redirect. (CVE-2015-2104)

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. (CVE-2023-27043)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33436
- https://www.openwall.com/lists/oss-security/2024/06/17/2
- https://www.openwall.com/lists/oss-security/2024/06/17/3
- https://www.openwall.com/lists/oss-security/2024/08/01/3
- https://www.openwall.com/lists/oss-security/2024/08/22/1
- https://www.openwall.com/lists/oss-security/2024/09/03/5
- https://www.openwall.com/lists/oss-security/2024/09/07/3
- https://www.cve.org/CVERecord?id=CVE-2024-0397
- https://www.cve.org/CVERecord?id=CVE-2024-4032
- https://www.cve.org/CVERecord?id=CVE-2024-6923
- https://www.cve.org/CVERecord?id=CVE-2024-8088
- https://www.cve.org/CVERecord?id=CVE-2024-6232
- https://www.cve.org/CVERecord?id=CVE-2024-7592
- https://www.cve.org/CVERecord?id=CVE-2015-2104
- https://www.cve.org/CVERecord?id=CVE-2023-27043

SRPMS:
- 9/core/python3-3.10.11-1.3.mga9

Recent enhancements to python3 libraries address concerns related to memory concurrency and secure SSL context protocols for Mageia 9. Release date: 27 September 2024.

Tags: Python Security, Mageia Advisory, TLS Handshake Issues, Memory Race Condition, Email Serialization.

LinuxSecurity.com Team

Sep 27, 2024 | Mageia

Fedora 39: 2024-7008b2fedf Moderate: Python3 Memory Race Condition

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7008b2fedf
2024-09-06 03:52:10.864348
--------------------------------------------------------------------------------

Name : mingw-python3
Product : Fedora 39
Version : 3.11.9
Release : 2.fc39
URL : https://www.python.org/
Summary : MinGW Windows python3
Description : MinGW Windows python3

--------------------------------------------------------------------------------
Update Information:

Add patch for CVE-2024-8088. Update to python-3.11.9. Backport fix for CVE-2024-6923.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 28 2024 Sandro Mani - 3.11.9-2
- Backport patch for CVE-2024-8088
* Mon Aug 26 2024 Sandro Mani - 3.11.9-1
- Update to 3.11.9
* Thu Jul 18 2024 Fedora Release Engineering - 3.11.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2301903 - CVE-2024-0397 mingw-python3: Memory race condition in ssl.SSLContext certificate store methods [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2301903
[ 2 ] Bug #2303155 - CVE-2024-6923 mingw-python3: email module doesn't properly quote newlines in email headers, allowing header injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303155
[ 3 ] Bug #2307457 - CVE-2024-8088 mingw-python3: From NVD collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2307457

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade --advisory FEDORA-2024-7008b2fedf'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The recent upgrade of mingw-python3 within Fedora 39 brings essential patches and backports addressing known problems. Discover further details.

Tags: mingw-python3, Fedora updates, security patches, threat fixes, CVE issues.

LinuxSecurity.com Team

Sep 06, 2024 | Fedora

Ubuntu 22.04 LTS: USN-6928-1 Critical Python Security Issues

==========================================================================
Ubuntu Security Notice USN-6928-1
July 30, 2024

python3.10, python3.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:
Several security issues were fixed in Python.

Software Description:
- python3.10: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language

Details:
It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. (CVE-2024-0397)

It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered "private" or "globally reachable". This could possibly result in applications applying incorrect security policies. (CVE-2024-4032)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  python3.10          3.10.12-1~22.04.5
  python3.10-minimal  3.10.12-1~22.04.5

Ubuntu 20.04 LTS
  python3.8           3.8.10-0ubuntu1~20.04.11
  python3.8-minimal   3.8.10-0ubuntu1~20.04.11

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6928-1
CVE-2024-0397, CVE-2024-4032

Package Information:
https://launchpad.net/ubuntu/+source/python3.10/3.10.12-1~22.04.5
https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.11

Update patches for Python in Ubuntu versions 20.04 and 22.04 resolve serious vulnerabilities related to SSL protocols and IP address management.

Tags: Ubuntu Security, Python Update, Python Security Advisory.

Severity: Critical.

LinuxSecurity.com Team

Jul 30, 2024 | Critical | Ubuntu

SUSE: 2024:2274-1 Moderate: Python39 Memory Race Condition and DoS

# Security update for python39

Announcement ID: SUSE-SU-2024:2274-1
Rating: moderate
References:
* bsc#1226447
* bsc#1226448
Cross-References:
* CVE-2024-0397
* CVE-2024-4032
CVSS scores:
* CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issues:
* CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
* CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-2274=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2274=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2274=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2274=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * python36-devel-3.6.15-58.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-58.1
  * python36-debuginfo-3.6.15-58.1
  * libpython3_6m1_0-3.6.15-58.1
  * python36-debugsource-3.6.15-58.1
  * python36-3.6.15-58.1
  * python36-base-3.6.15-58.1
  * python36-base-debuginfo-3.6.15-58.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-58.1
  * libpython3_6m1_0-32bit-3.6.15-58.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-58.1
  * python36-debuginfo-3.6.15-58.1
  * libpython3_6m1_0-3.6.15-58.1
  * python36-debugsource-3.6.15-58.1
  * python36-3.6.15-58.1
  * python36-base-3.6.15-58.1
  * python36-base-debuginfo-3.6.15-58.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-58.1
  * libpython3_6m1_0-32bit-3.6.15-58.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-58.1
  * python36-debuginfo-3.6.15-58.1
  * libpython3_6m1_0-3.6.15-58.1
  * python36-debugsource-3.6.15-58.1
  * python36-3.6.15-58.1
  * python36-base-3.6.15-58.1
  * python36-base-debuginfo-3.6.15-58.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-58.1
  * libpython3_6m1_0-32bit-3.6.15-58.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0397.html
* https://www.suse.com/security/cve/CVE-2024-4032.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226447
* https://bugzilla.suse.com/show_bug.cgi?id=1226448

Python 3.9 has released a security patch addressing two critical vulnerabilities. Keep your systems protected and check for the latest updates!

Tags: Python Security Updates, SUSE Advisory 2024, Security Fixes, SUSE Linux Enterprise.

Severity: Important.

LinuxSecurity.com Team

Jul 02, 2024 | Important | SuSE
