
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian: Trn Race Condition Fix for Overwrite Risk Due to Hardcoded Filename

All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten.

We recommend you upgrade your man2html package as soon as possible.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

  Source archives, Alpha architecture, Intel ia32 architecture, Motorola 680x0 architecture, Sun Sparc architecture

Debian GNU/Linux unstable alias potato
--------------------------------------

  Source archives, Alpha architecture, ARM architecture, Intel ia32 architecture, Motorola 680x0 architecture, PowerPC architecture, Sun Sparc architecture

--
Debian GNU/Linux . Security Managers
Christian Hudon . Wichert Akkerman . Martin Schulze

Previous iterations of trn incorporated fixed filenames in /tmp, increasing the potential for accidental file overwrites. Ensure man2html is upgraded without delay.

trn Update, Debian Security Advisory, File Overwrite Risk.

Severity: Critical. LinuxSecurity.com Team

Oct 22, 2020 | Critical | Debian

Ubuntu 12.04 LTS USN-1591-1 Moderate: Xdiagnose File Overwrite Risk

3rd party applications using xdiagnose could potentially be made to overwrite files.

==========================================================================
Ubuntu Security Notice USN-1591-1
October 02, 2012

xdiagnose update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

3rd party applications using xdiagnose could potentially be made to overwrite files.

Software Description:
- xdiagnose: X.org diagnosis tool

Details:

Alec Warner discovered that xdiagnose improperly handled temporary files in welcome.py when creating user-initiated archive files. While failsafeX does not use the vulnerable code, this update removes this functionality to protect any 3rd party applications which import the vulnerable code. In the default Ubuntu installation, this should be prevented by the Yama link restrictions.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
  xdiagnose 2.5.2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1591-1
  https://bugs.launchpad.net/ubuntu/+source/xdiagnose/+bug/1036211

Package Information:
  https://launchpad.net/ubuntu/+source/xdiagnose/2.5.2ubuntu0.1

Ubuntu security advisory for xdiagnose patch tackles potential file overwrite vulnerabilities and offers essential update guidelines.

Ubuntu Update, xdiagnose Security, File Overwrite, Ubuntu 12.04.

Severity: Important. LinuxSecurity.com Team

Oct 02, 2012 | Important | Ubuntu

Gentoo GLSA 200509-21 Normal: Hylafax File Overwrite Risk

Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

Gentoo Linux Security Advisory                           GLSA 200509-21
https://security.gentoo.org/

  Severity: Normal
     Title: Hylafax: Insecure temporary file creation in xferfaxstats script
      Date: September 30, 2005
      Bugs: #106882
        ID: 200509-21

Synopsis
========

Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

Background
==========

Hylafax is a client-server fax package for class 1 and 2 fax modems.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  net-misc/hylafax       < 4.2.2                       *>= 4.2.0-r3
                                                          *>= 4.2.1-r2
                                                             >= 4.2.2

Description
===========

Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames.

Impact
======

A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the xferfaxstats script of Hylafax is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Hylafax users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-misc/hylafax

References
==========

  [ 1 ] Original bug report

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200509-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [address not shown] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

The Hylafax security bulletin points out risks from insecure temporary file creation, exposing Gentoo environments to local exploit chances for attackers.

Hylafax Security Advisory, Gentoo Linking Attack, Temporary File Issue.

LinuxSecurity.com Team

Sep 30, 2005 | Gentoo

Gentoo: GLSA-200409-03 Normal: PostgreSQL Data Exposure Vulnerability

The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data. [More...]

Gentoo Linux Security Advisory                           GLSA 200409-02
https://security.gentoo.org/

  Severity: Normal
     Title: MySQL: Insecure temporary file creation in mysqlhotcopy
      Date: September 01, 2004
      Bugs: #60744
        ID: 200409-02

Synopsis
========

The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.

Background
==========

MySQL is a popular open-source multi-threaded, multi-user SQL database server.

Affected packages
=================

    -------------------------------------------------------------------
     Package  /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql  = 4.0.20-r1

Description
===========

Jeroen van Wolffelaar discovered that the MySQL database hot copy utility (mysqlhotcopy.sh), when using the scp method, uses temporary files with predictable names. A malicious local user with write access to the /tmp directory could create a symbolic link pointing to a file, which may then be overwritten. In cases where mysqlhotcopy is run as root, a malicious user could create a symlink to a critical file such as /etc/passwd and cause it to be overwritten.

Impact
======

A local attacker could use this vulnerability to destroy other users' data or corrupt and destroy system files, possibly leading to a denial of service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=dev-db/mysql-4.0.20-r1"
    # emerge ">=dev-db/mysql-4.0.20-r1"

References
==========

  [ 1 ] CAN-2004-0457
        https://www.cve.org/CVERecord?id=CVE-CAN-2004-0457

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200409-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [address not shown] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/1.0/

PostgreSQL's pg_dump may leave unprotected backup files, posing a data security threat. Ensure your setup is current to maintain integrity!

MySQL Security Advisory, Gentoo MySQL Update, Insecure File Permissions, MySQL Data Protection, Temporary File Management.

LinuxSecurity.com Team

Sep 01, 2004 | Gentoo

Gentoo: GLSA-200407-08 Normal: OpenSSH Key Disclosure Vulnerability

Shorewall contains a bug in the code handling the creation of temporary files and directories. This can allow a non-root user to overwrite arbitrary system files. [More...]

Gentoo Linux Security Advisory                           GLSA 200407-07
https://security.gentoo.org/

  Severity: Normal
     Title: Shorewall : Insecure temp file handling
      Date: July 08, 2004
      Bugs: #55675
        ID: 200407-07

Synopsis
========

Shorewall contains a bug in the code handling the creation of temporary files and directories. This can allow a non-root user to overwrite arbitrary system files.

Background
==========

Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel.

Affected packages
=================

    -------------------------------------------------------------------
     Package  /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  net-firewall/shorewall  = 1.4.10f

Description
===========

Shorewall uses temporary files and directories in an insecure manner. A local user could create symbolic links at specific locations, eventually overwriting other files on the filesystem with the rights of the shorewall process.

Impact
======

An attacker could exploit this vulnerability to overwrite arbitrary system files with root privileges, resulting in Denial of Service or further exploitation.

Workaround
==========

There is no known workaround at this time. All users should upgrade to the latest available version of Shorewall.

Resolution
==========

All users should upgrade to the latest available version of Shorewall, as follows:

    # emerge sync
    # emerge -pv ">=net-firewall/shorewall-1.4.10f"
    # emerge ">=net-firewall/shorewall-1.4.10f"

References
==========

  [ 1 ] Shorewall Announcement

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200407-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [address not shown] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/1.0/

System Alert: Vulnerability in temporary file management allows unauthorized file replacement. Please update to the most recent version for enhanced protection.

Gentoo Linux Security, Shorewall Update, Temp File Handling, Security Advisory.

LinuxSecurity.com Team

Jul 08, 2004 | Gentoo