Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian LTS openssl Important Use-After-Free NULL Pointer Issues DLA-4624-1

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 alsa-lib Important Denial of Service Fix USN-8044-2

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS node-shell-quote Important Denial of Service CVE-2026-9277

Calendar White Jun 09, 2026
Important
Mageia Large Esm H800
Mageia

Mageia 9 Suricata Critical Performance Security Issues MGASA-2026-0181

Calendar White Jun 09, 2026
Critical
Mageia Large Esm H900
Mageia

Mageia 9 PackageKit Important TOCTOU Race Escalation CVE-2026-41651

Calendar White Jun 09, 2026
Important
Mageia Large Esm H900
Mageia

Mageia 9 Unbound Critical Remote Code Execution Advisory 2026-0034

Calendar White Jun 09, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS Netatalk Multiple Security Issues USN-8395-1

Calendar White Jun 09, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 mingw-objfw 1.5.5 Update Security Fix FEDORA-2026-de23fedf3e

Calendar White Jun 08, 2026
Fedora Large Esm H900
Fedora

Fedora 43 objfw Important Update 1.5.5 Bug Fixes June 2026

Calendar White Jun 08, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraimportant

Fedora 42: Important Nonce Security Fix for perl-Catalyst-Authentication

This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d72429a1f8 2025-09-16 01:14:45.503754+00:00 -------------------------------------------------------------------------------- Name : perl-Catalyst-Authentication-Credential-HTTP Product : Fedora 42 Version : 1.019 Release : 1.fc42 URL : https://metacpan.org/release/Catalyst-Authentication-Credential-HTTP Summary : HTTP Basic and Digest authentication for Catalyst Description : This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported. -------------------------------------------------------------------------------- Update Information: This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 31 2025 Emmanuel Seyman - 1.019-1 - Update to 1.019 - Rework dependencies - Switch build system -------------------------------------------------------------------------------- References: [ 1 ] Bug #2387730 - CVE-2025-40920 perl-Catalyst-Authentication-Credential-HTTP: Catalyst::Authentication::Credential::HTTP insecure nonce generation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2387730 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d72429a1f8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Update perl-Catalyst-Authentication-Credential-HTTP to rectify nonce generation vulnerabilities, improving security measures for Fedora 42.. perl Catalyst authentication nonce security fix, Fedora updates, CVE-2025-40920, authentication credentials. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Sep 16, 2025 Important Fedora
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderateOpenSUSE

openSUSE: perl-Authen-SASL Moderate Insecure Nonce Fix 2025:03087-1

An update that solves one vulnerability and contains one feature can now be installed.. # Security update for perl-Authen-SASL, perl-Crypt-URandom Announcement ID: SUSE-SU-2025:03087-1 Release Date: 2025-09-05T10:34:04Z Rating: moderate References: * bsc#1246623 * jsc#PED-13306 Cross-References: * CVE-2025-40918 CVSS scores: * CVE-2025-40918 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-40918 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-40918 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux EnterpriseServer for SAP Applications 15 SP7 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: * CVE-2025-40918: Fixed insecurely generated client nonce (bsc#1246623) Changes in perl-Crypt-URandom: * Included 0.540.0 for use by perl-Authen-SASL in SLE-15 (jsc#PED-13306 / bsc#1246623). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3087=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-3087=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-3087=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3087=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3087=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3087=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3087=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3087=1 * SUSE Linux Enterprise Serverfor SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3087=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3087=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3087=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3087=1 ## Package List: * openSUSE Leap 15.6 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * Development Tools Module 15-SP6 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * Development Tools Module 15-SP7 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 *perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 * SUSE Enterprise Storage 7.1 (noarch) * perl-Authen-SASL-2.16-150000.1.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * perl-Crypt-URandom-debuginfo-0.540.0-150000.1.3.1 * perl-Crypt-URandom-0.540.0-150000.1.3.1 * perl-Crypt-URandom-debugsource-0.540.0-150000.1.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40918.html * https://bugzilla.suse.com/show_bug.cgi?id=1246623 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-13306&page_caps=&user_role= . Security audit alerts medium-risk vulnerabilities for perl-Authen-SASL and perl-Crypt-URandom on openSUSE, demanding immediate action for system safety. perl update, security patch, openSUSE advisory. . LinuxSecurity.com Team

Calendar 2 Sep 05, 2025 OpenSUSE
Banner 3 1028x280 1708121785 1771599793
203
Ls Advisories Mageia Esm H240
Price Tag 1security advisoryencryptionopenssl

Mageia 2019-0354 Critical Update for OpenSSL Security Vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length . MGASA-2019-0354 - Updated openssl packages fix security vulnerabilities Publication date: 06 Dec 2019 URL: https://advisories.mageia.org/MGASA-2019-0354.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-1543, CVE-2019-1547, CVE-2019-1563 The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. (CVE-2019-1543) Normally in OpenSSL EC groups always have a co-factorpresent and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parametersmatch a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. (CVE-2019-1547) In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. (CVE-2019-1563) References: - https://bugs.mageia.org/show_bug.cgi?id=24888 - https://openssl-library.org/news/secadv/20190306.txt - https://lists.debian.org/debian-security-announce/2019/msg00123.html - https://openssl-library.org/news/secadv/20190910.txt - https://lists.debian.org/debian-security-announce/2019/msg00188.html - https://www.cve.org/CVERecord?id=CVE-2019-1543 - https://www.cve.org/CVERecord?id=CVE-2019-1547 - https://www.cve.org/CVERecord?id=CVE-2019-1563 SRPMS: - 7/core/openssl-1.1.0l-1.mga7 - 7/core/compat-openssl10-1.0.2t-1.mga7 . OpenSSL update for Mageia addresses critical vulnerabilities ensuring secure encryption practicesfor applications.. openssl update, mageia security, chacha20-poly1305, encryption risks. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Dec 06, 2019 Critical Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here