Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 118 articles for you...
172

Ubuntu OpenStack Keystone Critical Roles Bypass Vulnern USN-8433-1

Several security issues were fixed in OpenStack Keystone.. ========================================================================== Ubuntu Security Notice USN-8433-1 June 16, 2026 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in OpenStack Keystone. Software Description: - keystone: OpenStack identity service Details: It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. (CVE-2026-33551) It was discovered that the OpenStack Keystone LDAP identity backend did not correctly convert the user enabled attribute to a boolean value. An attacker could possibly use this issue to authenticate as a user disabled in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-40683) It was discovered that OpenStack Keystone's application credential authentication plugin did not verify that the user supplied in an authentication request matched the credential owner. An authenticated attacker could possibly impersonate another user and gain access to their tokens and credentials. (CVE-2026-42998) It was discovered that OpenStack Keystone's RBAC policy enforcer unconditionally merged the raw JSON request body into the policy enforcement dictionary, overwriting trusted target data. An authenticated attacker could possibly use this issue to inject arbitrary policy attributes to bypass RBAC checks. (CVE-2026-42999) It was discovered that OpenStack Keystone allowed an attacker with the member role to escalate privileges to admin by chaining application credential impersonation with Keystone trusts. An attacker could possibly use this issueto create a persistent trust delegating the victim's admin role to themselves. (CVE-2026-43000) It was discovered that OpenStack Keystone did not validate that the project_id for an EC2 credential matched the project of the authenticating application credential. An attacker with valid credentials for one project could possibly use this issue to create EC2 credentials targeting a different project. (CVE-2026-43001) It was discovered that OpenStack Keystone's federated token rescoping mechanism did not propagate the original token's expiry to the newly issued token. A remote attacker could possibly use this issue to maintain access indefinitely by repeatedly rescoping tokens before expiry. (CVE-2026-44394) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS keystone 2:29.0.0-0ubuntu1.2 keystone-common 2:29.0.0-0ubuntu1.2 keystone-doc 2:29.0.0-0ubuntu1.2 python3-keystone 2:29.0.0-0ubuntu1.2 Ubuntu 25.10 keystone 2:28.0.0-0ubuntu1.3 keystone-common 2:28.0.0-0ubuntu1.3 keystone-doc 2:28.0.0-0ubuntu1.3 python3-keystone 2:28.0.0-0ubuntu1.3 Ubuntu 24.04 LTS keystone 2:25.0.0-0ubuntu1.4 keystone-common 2:25.0.0-0ubuntu1.4 keystone-doc 2:25.0.0-0ubuntu1.4 python3-keystone 2:25.0.0-0ubuntu1.4 Ubuntu 22.04 LTS keystone 2:21.0.1-0ubuntu2.4 keystone-common 2:21.0.1-0ubuntu2.4 keystone-doc 2:21.0.1-0ubuntu2.4 python3-keystone 2:21.0.1-0ubuntu2.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8433-1 CVE-2026-33551, CVE-2026-40683, CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394 Package Information: https://launchpad.net/ubuntu/+source/keystone/2:29.0.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/keystone/2:28.0.0-0ubuntu1.3 https://launchpad.net/ubuntu/+source/keystone/2:25.0.0-0ubuntu1.4 https://launchpad.net/ubuntu/+source/keystone/2:21.0.1-0ubuntu2.4 . Several serious security issues were addressed in OpenStack Keystone affecting multiple Ubuntu versions. Immediate updates are necessary.. OpenStack Keystone security update, Ubuntu identity service vulnerabilities, authentication privilege escalation. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 16, 2026 Critical Ubuntu
87

Debian DSA-6315-1 Cyborg Important Access Control Issues

Two security vulnerabilities have been discovered in Cyborg, the OpenStack component for management of hardware accelerators, which could result in incomplete access controls. For the stable distribution (trixie), these problems have been fixed in version 14.0.0-3+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6315-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 31, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cyborg CVE ID : CVE-2026-40213 CVE-2026-40214 Two security vulnerabilities have been discovered in Cyborg, the OpenStack component for management of hardware accelerators, which could result in incomplete access controls. For the stable distribution (trixie), these problems have been fixed in version 14.0.0-3+deb13u1. We recommend that you upgrade your cyborg packages. For the detailed security status of cyborg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cyborg Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-6315-1 announces important security fixes for Cyborg, improving access control issues in OpenStack.. Debian Cyborg Security OpenStack Access Control. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 31, 2026 Important Debian
87

Debian: Critical Vulnerability in Privilege Escalation DSA-6080-1 Alert

A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6056-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : keystone CVE ID : not yet available A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients. The Swift object storage service also requires an update to work with the updated Keystone: The update to Swift is provided as 2.30.1-0+deb12u1 for bookworm and 2.35.1-0+deb13u1 for trixie and is backwards-compatible with older Keystone versions. As such, it is recommended to first upgrade Swift before deploying the Keystone update. For the oldstable distribution (bookworm), this problem has been fixed in version 2:22.0.2-0+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 2:27.0.0-3+deb13u1. We recommend that you upgrade your keystone packages. For the detailed security status of keystone please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/keystone Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . A critical Keystone vulnerability affects EC2 and S3 tokens,risking privilege escalation for unauthorized clients.. Keystone Security, OpenStack Identity, Debian Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 13, 2025 Important Debian
172

Ubuntu: OpenStack Keystone Critical Access Issue USN-7857-1

OpenStack Keystone could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-7857-1 November 04, 2025 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS Summary: OpenStack Keystone could allow unintended access to network services. Software Description: - keystone: OpenStack identity service Details: Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 keystone 2:28.0.0-0ubuntu1.1 python3-keystone 2:28.0.0-0ubuntu1.1 Ubuntu 25.04 keystone 2:27.0.0-0ubuntu1.1 python3-keystone 2:27.0.0-0ubuntu1.1 Ubuntu 24.04 LTS keystone 2:25.0.0-0ubuntu1.1 python3-keystone 2:25.0.0-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7857-1 Package Information: https://launchpad.net/ubuntu/+source/keystone/2:28.0.0-0ubuntu1.1 . OpenStack Keystone vulnerability allows unauthorized access to network services. Update required for Ubuntu systems.. OpenStack Keystone, Ubuntu Security Notice, keystone access issue, Ubuntu vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 04, 2025 Critical Ubuntu
197

Debian LTS: DLA-3873-1 Moderate: Nova Arbitrary File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : nova Version : 2:22.4.0-1~deb11u5 CVE ID : CVE-2024-32498 CVE-2024-40767 Debian Bug : 1074762 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. Arnaud Morin later discovered that the initial fix was not sufficient, and that nova was still vulnerable with some VM images types. For Debian 11 bullseye, these problems have been fixed in version 2:22.4.0-1~deb11u5. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The Ubuntu Security Notice USN-1234-1 concerns vulnerabilities in OpenStack impacting various modules.. Debian LTS, OpenStack Security, Nova Updates, Disk Image Vulnerability, Security Advisory DLA-3873-1. . LinuxSecurity.com Team

Calendar%202 Sep 04, 2024 Debian LTS
197

Debian 11: DLA-3872-1 Critical: Glance Arbitrary File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3872-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : glance Version : 2:21.1.0-1+deb11u2 CVE ID : CVE-2024-32498 Debian Bug : 1074761 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For Debian 11 bullseye, this problem has been fixed in version 2:21.1.0-1+deb11u2. We recommend that you upgrade your glance packages. For the detailed security status of glance please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/glance Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Urgent notice for Glance users regarding a critical security vulnerability; please update without delay to safeguard against potential data leaks.. OpenStack, Glance Update, Debian LTS Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 04, 2024 Critical Debian LTS
197

Debian: DLA-3870-1 Moderate: python-oslo.utils Security Update

python-oslo.utils, a set of utilities used by OpenStack, was updated as a requirement to fix CVE-2024-32498 in the cinder, glance and nova OpenStack components. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3870-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : python-oslo.utils Version : 4.6.1-0+deb11u1 python-oslo.utils, a set of utilities used by OpenStack, was updated as a requirement to fix CVE-2024-32498 in the cinder, glance and nova OpenStack components. For Debian 11 bullseye, this was addressed in version 4.6.1-0+deb11u1. We recommend that you upgrade your python-oslo.utils packages. For the detailed security status of python-oslo.utils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python-oslo.utils Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance python-oslo.utils for Debian LTS to address significant security vulnerabilities within OpenStack modules.. python-oslo, openstack utilities, debian lts advisory, security updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 04, 2024 Important Debian LTS
87

Debian Bookworm DSA-5756-1 Critical: Nova File Disclosure Risk

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nova CVE ID : CVE-2024-32498 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For the stable distribution (bookworm), this problem has been fixed in version 2:26.2.2-1~deb12u3. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-5757-2 fixes a severe cinder flaw impacting OpenStack services. Upgrade immediately!. Debian Security, OpenStack Advisory, Nova Security Update, File Disclosure, QCOW2 Disk Images. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 21, 2024 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200