==========================================================================
Ubuntu Security Notice USN-6722-1
April 08, 2024

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Django accounts could be hijacked through password reset requests.

Software Description:
- python-django: High-level Python web development framework

Details:

Simon Charette discovered that the password reset functionality in Django
used a Unicode case insensitive query to retrieve accounts associated with
an email address. An attacker could possibly use this to obtain password
reset tokens and hijack accounts.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  python-django                   1.6.11-0ubuntu1.3+esm7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6722-1
  CVE-2019-19844

As cybersecurity threats evolve, Django developers must be vigilant about password reset vulnerabilities related to Ubuntu updates, ensuring secure token usage.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-c6ae206be7
2022-01-27 19:37:48.776907
--------------------------------------------------------------------------------

Name        : grafana
Product     : Fedora 34
Version     : 7.5.11
Release     : 3.fc34
URL         : https://grafana.com/
Summary     : Metrics dashboard and graph editor
Description :
Grafana is an open source, feature rich metrics dashboard and graph editor
for Graphite, InfluxDB & OpenTSDB.

--------------------------------------------------------------------------------
Update Information:

* fix CVE-2021-44716
* fix CVE-2021-43813
* use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 18 2022 Andreas Gerstmayr 7.5.11-3
- use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
- update FIPS tests in check phase
* Thu Dec 16 2021 Andreas Gerstmayr 7.5.11-2
- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
- resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-c6ae206be7'
at the command line. For more information, refer to the dnf documentation
available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this .

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4598-1
=========================================================================
Ubuntu Security Notice USN-4224-1
December 19, 2019

python-django vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Django accounts could be hijacked through password reset requests.

Software Description:
- python-django: High-level Python web development framework

Details:

Simon Charette discovered that the password reset functionality in Django
used a Unicode case insensitive query to retrieve accounts associated with
an email address. An attacker could possibly use this to obtain password
reset tokens and hijack accounts.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  python-django                   1:1.11.22-1ubuntu1.1
  python3-django                  1:1.11.22-1ubuntu1.1

Ubuntu 19.04:
  python-django                   1:1.11.20-1ubuntu0.3
  python3-django                  1:1.11.20-1ubuntu0.3

Ubuntu 18.04 LTS:
  python-django                   1:1.11.11-1ubuntu1.6
  python3-django                  1:1.11.11-1ubuntu1.6

Ubuntu 16.04 LTS:
  python-django                   1.8.7-1ubuntu5.11
  python3-django                  1.8.7-1ubuntu5.11

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4224-1
  CVE-2019-19844

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/1:1.11.22-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.6
  https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.11

The latest Ubuntu Security Notice USN-4225-1 addresses a critical vulnerability in the PostgreSQL module that could lead to unauthorized access through SQL injection attacks.

Severity: Critical.

LinuxSecurity.com Team
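The weakness both Django notices describe is that the account lookup was case-insensitive in the database's Unicode sense, so an address that merely looks like the victim's could select the victim's row. This added example (not Django's code) shows a constructed user table, a stand-in for a permissive database collation, and the application-side re-check modelled on the upstream fix: NFKC normalisation plus casefold, with the reset sent only to the stored address. The collation approximation is an assumption; real databases differ.

```python
import unicodedata

# Constructed sample user table standing in for the Django User model.
USERS = [
    {"username": "mike", "email": "mike@example.org", "is_active": True},
    {"username": "alice", "email": "alice@example.org", "is_active": True},
]


def loose_db_key(s: str) -> str:
    """Approximates a permissive database collation (assumption, not any
    specific database): strip diacritics, fold case, and treat dotless i
    as i. This is the over-broad matching that made 'iexact' dangerous."""
    s = unicodedata.normalize("NFKD", s)
    s = "".join(c for c in s if not unicodedata.combining(c))
    return s.replace("\u0131", "i").casefold()


def iexact_lookup(email: str) -> list:
    """Stand-in for UserModel._default_manager.filter(email__iexact=email,
    is_active=True) running on the permissive collation above."""
    key = loose_db_key(email)
    return [u for u in USERS if u["is_active"] and loose_db_key(u["email"]) == key]


def unicode_ci_compare(s1: str, s2: str) -> bool:
    """Application-side check: NFKC-normalise and casefold both sides so
    only genuine case variants of the same address compare equal."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def get_users_for_reset(submitted_email: str) -> list:
    """Fetch candidates from the DB, then re-check them in Python.
    Returns the STORED addresses a reset mail may go to; the submitted
    string is never used as a delivery address."""
    return [u["email"] for u in iexact_lookup(submitted_email)
            if unicode_ci_compare(submitted_email, u["email"])]


if __name__ == "__main__":
    # Dotless-i lookalike: the DB query alone matches mike, the re-check rejects it.
    print(iexact_lookup("m\u0131ke@example.org"))       # mike's row
    print(get_users_for_reset("m\u0131ke@example.org")) # []
    print(get_users_for_reset("MIKE@Example.ORG"))      # ['mike@example.org']
```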
Package        : roundcube
Version        : 0.7.2-9+deb7u7
CVE ID         : CVE-2017-8114
Debian Bug     : 861388

Roundcube Webmail allows arbitrary password resets by authenticated users.
The issue is caused by an improperly restricted exec call in the virtualmin
and sasl drivers of the password plugin.

For Debian 7 "Wheezy", these problems have been fixed in version
0.7.2-9+deb7u7.

We recommend that you upgrade your roundcube packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

The Roundcube Webmail application supports the functionality of user password resets. A corrective update is accessible in Debian 7 through version 0.7.2-9+deb7u7.

LinuxSecurity.com Team
==========================================================
Ubuntu Security Notice USN-1033-1
December 16, 2010

eucalyptus vulnerability
CVE-2010-3905
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  eucalyptus-java-common          2.0+bzr1241-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Eucalyptus did not verify password resets from
the Admin UI correctly. An unauthenticated remote attacker could issue
password reset requests to gain admin privileges in the Eucalyptus
environment.
Updated packages for Ubuntu 10.10:

Eucalyptus permits illicit password alterations, granting administrative privileges. Upgrade Ubuntu 10.10 to secure the system.
Severity: Important.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8468
2009-08-11 21:51:50
--------------------------------------------------------------------------------

Name        : wordpress
Product     : Fedora 11
Version     : 2.8.3
Release     : 2.fc11
URL         : https://wordpress.org/
Summary     : WordPress blogging software
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

--------------------------------------------------------------------------------
Update Information:

security update to fix "Remote admin reset password":
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 11 2009 Adrian Reber - 2.8.3-2
- another security update to fix "Remote admin reset password":
* Mon Aug  3 2009 Adrian Reber - 2.8.3-1
- updated to 2.8.3 for security fixes
* Tue Jul 28 2009 Adrian Reber - 2.8.2-1
- updated to 2.8.2 for security fixes - BZ 512900
- fixed "wrong-script-end-of-line-encoding" of license.txt
- correctly disable auto update check
- fixed an error message from 'find' during the build
* Mon Jul 27 2009 Fedora Release Engineering - 2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri Jul 10 2009 Adrian Reber - 2.8.1-1
- updated to 2.8.1 for security fixes - BZ 510745
* Mon Jun 22 2009 Adrian Reber - 2.8-1
- updated to 2.8
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update wordpress'
at the command line. For more information, refer to "Managing Software
with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora-package-announce mailing list