Frameworks 6.25.0 + KDE Plasma 6.6.4.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fe3d8d4767
2026-04-16 23:40:54.273526+00:00
--------------------------------------------------------------------------------

Name        : kf6-kwallet
Product     : Fedora 44
Version     : 6.25.0
Release     : 1.fc44
URL         : https://invent.kde.org/frameworks/kwallet
Summary     : KDE Frameworks 6 Tier 3 solution for password management
Description :
KWallet is a secure and unified container for user passwords.

--------------------------------------------------------------------------------
Update Information:

Frameworks 6.25.0 + KDE Plasma 6.6.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2026 Steve Cossette - 6.25.0-1
- 6.25.0
* Fri Mar 20 2026 Yaakov Selkowitz - 6.24.0-2
- Limit main package dependency to host installations
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2455469 - Configuring WifI network via Network pane appears to not work
        https://bugzilla.redhat.com/show_bug.cgi?id=2455469
  [ 2 ] Bug #2457573 - FE: KDE Frameworks 6.25.0 + Plasma 6.6.4
        https://bugzilla.redhat.com/show_bug.cgi?id=2457573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fe3d8d4767' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

* fix CVE-2021-44716
* fix CVE-2021-43813
* use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-6e6b59a682
2022-01-28 01:35:17.995540
--------------------------------------------------------------------------------

Name        : grafana
Product     : Fedora 35
Version     : 7.5.11
Release     : 3.fc35
URL         : https://grafana.com/
Summary     : Metrics dashboard and graph editor
Description :
Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.

--------------------------------------------------------------------------------
Update Information:

* fix CVE-2021-44716
* fix CVE-2021-43813
* use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 18 2022 Andreas Gerstmayr 7.5.11-3
- use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
- update FIPS tests in check phase
* Thu Dec 16 2021 Andreas Gerstmayr 7.5.11-2
- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
- resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-6e6b59a682' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as:

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2601-1

The package rclone before version 1.53.3-1 is vulnerable to private key recovery.

Arch Linux Security Advisory ASA-202011-17
==========================================

Severity: Medium
Date    : 2020-11-19
CVE-ID  : CVE-2020-28924
Package : rclone
Type    : private key recovery
Remote  : No
Link    : https://security.archlinux.org/AVG-1286

Summary
=======

The package rclone before version 1.53.3-1 is vulnerable to private key
recovery.

Resolution
==========

Upgrade to 1.53.3-1.

# pacman -Syu "rclone>=1.53.3-1"

The problem has been fixed upstream in version 1.53.3.

Workaround
==========

All passwords generated by rclone 1.49.0 up to 1.53.2 should be changed.
Rclone provides a password checker to find weak passwords as a separate
tool called passwordcheck.

Description
===========

An issue was discovered in rclone 1.49.0 up to 1.53.2. Due to the use of
a weak random number generator, the password generator has been
producing weak passwords with much less entropy than advertised. The
suggested passwords depend deterministically on the time rclone was
started. This limits the entropy of the passwords enormously. These
passwords are often used in the crypt backend for encryption of data. It
would be possible to make a dictionary of all possible passwords with
about 38 million entries per password length. This would make decryption
of secret material possible with a plausible amount of effort.

NOTE: all passwords generated by affected versions should be changed.

Impact
======

A malicious user might be able to brute force the weak passwords.

References
==========

https://github.com/rclone/rclone/issues/4783
https://github.com/rclone/rclone/commit/7985df37681f54d013816a4641da4f9b085b3aa5
https://github.com/rclone/passwordcheck
https://security.archlinux.org/CVE-2020-28924

Update to 2.53.3

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-7e974bd2bb
2020-07-12 01:00:08.101996
--------------------------------------------------------------------------------

Name        : seamonkey
Product     : Fedora 32
Version     : 2.53.3
Release     : 1.fc32
URL         : https://www.seamonkey-project.org/
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite. It includes
a browser, mail/news client, IRC client, JavaScript debugger, and
a tool to inspect the DOM for web pages. It is derived from the
application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

Update to 2.53.3

The database format of the stored passwords and certificates in the user
profile has changed. SeaMonkey should perform the conversion silently at the
first run, just asking for the master password (if used).

To avoid a hypothetical data loss, it is recommended to back up the user
profile before the update, or even to temporarily remove the master password.

After the change, new files cert9.db and key4.db should appear in the user
profile. (The old ones, cert8.db and key3.db, might be preserved as well, but
make sure they are not left unencrypted if you use a master password.)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 6 2020 Dmitry Butskoy 2.53.3-1
- update to 2.53.3
- use sql nss databases (cert9.db, key4.db etc.) since the old format
  is stopping being supported.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-7e974bd2bb' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

In debian-lan-config < 0.26, overly permissive ACLs configured for the Kerberos admin server allowed password changes for other Kerberos user principals.

Package        : debian-lan-config
Version        : 0.19+deb8u2
CVE ID         : CVE-2019-3467
Debian Bug     : 947459

In debian-lan-config < 0.26, overly permissive ACLs configured for the
Kerberos admin server allowed password changes for other Kerberos user
principals.

For Debian 8 "Jessie", this problem has been fixed in version
0.19+deb8u2.

We recommend that you upgrade your debian-lan-config packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31

It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured overly permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4595-1

QtPass password generation had a bug where only 1000 different passwords were possible https://github.com/IJHack/QtPass/issues/338

Upstream release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-57c3a424eb
2018-01-15 14:51:10.594819
--------------------------------------------------------------------------------

Name        : qtpass
Product     : Fedora 27
Version     : 1.2.1
Release     : 1.fc27
URL         : https://qtpass.org/
Summary     : Cross-platform GUI for pass
Description :
QtPass is a cross-platform GUI for pass, the standard Unix password manager.

--------------------------------------------------------------------------------
Update Information:

QtPass password generation had a bug where only 1000 different passwords were
possible https://github.com/IJHack/QtPass/issues/338

----

Upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1511469 - qtpass-1.2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1511469
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade qtpass' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------