Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 386 articles for you...
91

Gentoo DTrace Arbitrary File Creation Normal Risk 202604-04

A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202604-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: DTrace: Arbitrary file creation via dtprobed Date: April 17, 2026 Bugs: #971491 ID: 202604-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. Background ========== DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-debug/dtrace < 2.0.6 > = 2.0.6 Description =========== A vulnerability has been found in dtprobed that allows for arbitrary file creation through specially crafted USDT provider names. Impact ====== The worst possible outcome is the ability for an attacker to run arbitrary code via the maliciously created file. Workaround ========== There is no known workaround at this time. Resolution ========== All DTrace users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-debug/dtrace-2.0.6" References ========== [ 1 ] CVE-2026-21991 https://nvd.nist.gov/vuln/detail/CVE-2026-21991 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202604-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2026 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Explore the DTrace dtprobed arbitrary file creation risk and update guidance in Gentoo's security advisory dated April 17, 2026.. DTrace, Gentoo, dtprobed, security advisory, arbitrary code execution. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 Apr 17, 2026 Medium Gentoo
91

Gentoo: PHP Library Remote Code Execution Vulnerabilities GLSA-202510-07

Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution. . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Composer: Multiple Vulnerabilities Date: August 06, 2025 Bugs: #838268 ID: 202508-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Composer, the worst of which can lead to arbitrary code execution. Background ========== Composer is a dependency manager for the PHP programming language. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-php/composer

Calendar%202 Aug 06, 2025 Critical Gentoo
91

Gentoo: Spreadsheet-ParseExcel Vulnerability Overview GLSA-202508-06

A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Spreadsheet-ParseExcel: Arbitrary Code Execution Date: August 06, 2025 Bugs: #920954 ID: 202508-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Spreadsheet-ParseExcel, which can lead to arbitrary code execution. Background ========== Spreadsheet::ParseExcel is a perl module to extract information from Excel files. Affected packages ================= Package Vulnerable Unaffected ------------------------------- ------------ ------------ dev-perl/Spreadsheet-ParseExcel < 0.660.0 > = 0.660.0 Description =========== A vulnerability has been discovered in Spreadsheet::ParseExcel. Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifier for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Spreadsheet::ParseExcel users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-perl/Spreadsheet-ParseExcel-0.660.0" References ========== [ 1 ] CVE-2023-7101 https://nvd.nist.gov/vuln/detail/CVE-2023-7101 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importanceto us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Critical security flaw detected in Spreadsheet-ParseExcel. Immediate update advised to reduce potential threats.. Gentoo security advisory, Spreadsheet-ParseExcel advisory, code execution risk, Perl module vulnerability, upgrade Spreadsheet-ParseExcel. . LinuxSecurity.com Team

Calendar%202 Aug 06, 2025 Gentoo
91

Gentoo: Mozilla NSS Standard TLS RSA Decryption Timing Flaw GLSA-202509-05

A vulnerability has been discovered in NSS, which can lead to the recovery of private data.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service (NSS): TLS RSA decryption timing attack Date: August 06, 2025 Bugs: #925027 ID: 202508-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in NSS, which can lead to the recovery of private data. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ dev-libs/nss < 3.98 > = 3.98 Description =========== A vulnerability has been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifier for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Network Security Service (NSS) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/nss-3.98" References ========== [ 1 ] CVE-2023-5388 https://nvd.nist.gov/vuln/detail/CVE-2023-5388 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users'machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . An urgent security notice concerning Gentoo's NSS library highlights a vulnerability related to a TLS RSA decryption timing attack, which poses risk to sensitive information.. Mozilla Security, Decryption Attack, Gentoo Linux. . LinuxSecurity.com Team

Calendar%202 Aug 06, 2025 Gentoo
91

Gentoo: FontForge Standard Uncontrolled Code Execution GLSA-202509-04

A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FontForge: Arbitrary Code Execution Date: August 06, 2025 Bugs: #926521 ID: 202508-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in FontForge, which can lead to arbitrary code execution. Background ========== FontForge is a PostScript font editor and converter. Affected packages ================= Package Vulnerable Unaffected ------------------- ------------- -------------- media-gfx/fontforge < 20230101-r1 > = 20230101-r1 Description =========== A vulnerabilitiy has been discovered in FontForge. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All FontForge users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/fontforge-20230101-r1" References ========== [ 1 ] CVE-2024-25081 https://nvd.nist.gov/vuln/detail/CVE-2024-25081 [ 2 ] CVE-2024-25082 https://nvd.nist.gov/vuln/detail/CVE-2024-25082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressedto This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Gentoo Linux has issued a crucial security advisory for FontForge, revealing vulnerabilities that could allow code execution. Update your packages to stay secure.. Gentoo FontForge Security, Arbitrary Code Execution Fix, Linux FontForge Update. . LinuxSecurity.com Team

Calendar%202 Aug 06, 2025 Gentoo
91

Gentoo: GLSA-202507-09 high: XMLParser security vulnerability

Multiple vulnerabilities have been discovered in REXML, the worst of which can lead to a denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: REXML: Multiple Vulnerabilities Date: July 08, 2025 Bugs: #932013, #936133, #937114, #938298, #942432 ID: 202507-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in REXML, the worst of which can lead to a denial of service. Background ========== REXML is an XML toolkit for Ruby. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ dev-ruby/rexml < 3.3.9 > = 3.3.9 Description =========== Multiple vulnerabilities have been discovered in REXML. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All REXML users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-ruby/rexml-3.3.9" References ========== [ 1 ] CVE-2024-35176 https://nvd.nist.gov/vuln/detail/CVE-2024-35176 [ 2 ] CVE-2024-39908 https://nvd.nist.gov/vuln/detail/CVE-2024-39908 [ 3 ] CVE-2024-41123 https://nvd.nist.gov/vuln/detail/CVE-2024-41123 [ 4 ] CVE-2024-41946 https://nvd.nist.gov/vuln/detail/CVE-2024-41946 [ 5 ] CVE-2024-43398 https://nvd.nist.gov/vuln/detail/CVE-2024-43398 [ 6 ] CVE-2024-49761 https://nvd.nist.gov/vuln/detail/CVE-2024-49761 Availability ============ This GLSA and any updates to it areavailable for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Exploitable flaws within REXML may result in service disruption; Gentoo Linux users should ensure timely upgrades.. REXML vulnerabilities, Gentoo security advisory, denial of service, upgrade REXML, Ruby XML toolkit. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2025 Gentoo
91

Gentoo: GLSA-202507-06 normal: OpenSSL critical security flaws addressed

Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple Vulnerabilities Date: July 08, 2025 Bugs: #904337 ID: 202507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code. Background ========== NTP contains software for the Network Time Protocol. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ net-misc/ntp < 4.2.8_p16 > = 4.2.8_p16 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact ====== The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable to manipulated devices of that type, but not to remote attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/ntp-4.2.8_p16" References ========== [ 1 ] CVE-2023-26551 https://nvd.nist.gov/vuln/detail/CVE-2023-26551 [ 2 ] CVE-2023-26552 https://nvd.nist.gov/vuln/detail/CVE-2023-26552 [ 3 ] CVE-2023-26553 https://nvd.nist.gov/vuln/detail/CVE-2023-26553 [ 4 ] CVE-2023-26554 https://nvd.nist.gov/vuln/detail/CVE-2023-26554 [ 5 ]CVE-2023-26555 https://nvd.nist.gov/vuln/detail/CVE-2023-26555 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Exploiting security flaws in NTP can lead to unapproved execution of code. Ensure you upgrade to the newest release to protect against these threats.. NTP vulnerabilities,Gentoo security,linux time protocol,arbitrary code execution. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2025 Gentoo
91

Gentoo GLSA 202507-04: strongSwan Buffer Overflow Risk - Normal Severity

A buffer overflow has been discovered in strongSwan, which can lead to remote code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: strongSwan: Buffer Overflow Date: July 08, 2025 Bugs: #920105 ID: 202507-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow has been discovered in strongSwan, which can lead to remote code execution. Background ========== strongSwan is an IPSec implementation for Linux. Affected packages ================= Package Vulnerable Unaffected ------------------ ------------ ------------ net-vpn/strongswan < 5.9.13 > = 5.9.13 Description =========== Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact ====== A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. Workaround ========== There is no known workaround at this time. Resolution ========== All strongSwan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-vpn/strongswan-5.9.13" References ========== [ 1 ] CVE-2023-41913 https://nvd.nist.gov/vuln/detail/CVE-2023-41913 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concernsshould be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Vulnerability identified in strongSwan may allow for unpermitted execution; patch now released. Threat level: moderate. strongSwan, buffer overflow, Gentoo upgrade, remote execution. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2025 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200