# Security update for kea

Announcement ID: SUSE-SU-2026:1091-1
Release Date: 2026-03-26T17:48:28Z
Rating: important
References:

* bsc#1243240

Cross-References:

* CVE-2025-32801
* CVE-2025-32802
* CVE-2025-32803

CVSS scores:

* CVE-2025-32801 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32801 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32801 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-32802 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-32802 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32802 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-32803 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-32803 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-32803 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for kea fixes the following issues:

Update to release 2.6.3 (bsc#1243240):

* CVE-2025-32801: Fixed an issue where loading a malicious hook library could lead to local privilege escalation.
* CVE-2025-32802: Fixed insecure handling of file paths that allowed multiple local attacks.
* CVE-2025-32803: Fixed insecure file permissions that could result in confidential information leakage.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1091=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1091=1 openSUSE-SLE-15.6-2026-1091=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1091=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libkea-util86-debuginfo-2.6.3-150600.13.6.1
  * python3-kea-2.6.3-150600.13.6.1
  * libkea-dhcpsrv111-2.6.3-150600.13.6.1
  * libkea-exceptions33-debuginfo-2.6.3-150600.13.6.1
  * libkea-cfgclient66-debuginfo-2.6.3-150600.13.6.1
  * libkea-eval69-2.6.3-150600.13.6.1
  * libkea-log61-2.6.3-150600.13.6.1
  * kea-debuginfo-2.6.3-150600.13.6.1
  * libkea-util86-2.6.3-150600.13.6.1
  * kea-hooks-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiodns49-debuginfo-2.6.3-150600.13.6.1
  * libkea-dns++57-2.6.3-150600.13.6.1
  * libkea-cryptolink50-2.6.3-150600.13.6.1
  * libkea-process74-debuginfo-2.6.3-150600.13.6.1
  * libkea-dhcp_ddns57-debuginfo-2.6.3-150600.13.6.1
  * libkea-cryptolink50-debuginfo-2.6.3-150600.13.6.1
  * kea-devel-2.6.3-150600.13.6.1
  * libkea-stats41-2.6.3-150600.13.6.1
  * libkea-util-io0-debuginfo-2.6.3-150600.13.6.1
  * libkea-hooks100-debuginfo-2.6.3-150600.13.6.1
  * libkea-process74-2.6.3-150600.13.6.1
  * libkea-stats41-debuginfo-2.6.3-150600.13.6.1
  * libkea-tcp19-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiolink72-debuginfo-2.6.3-150600.13.6.1
  * libkea-d2srv47-2.6.3-150600.13.6.1
  * libkea-dns++57-debuginfo-2.6.3-150600.13.6.1
  * libkea-cc68-2.6.3-150600.13.6.1
  * libkea-exceptions33-2.6.3-150600.13.6.1
  * kea-hooks-2.6.3-150600.13.6.1
  * libkea-dhcp++92-2.6.3-150600.13.6.1
  * libkea-dhcp_ddns57-2.6.3-150600.13.6.1
  * libkea-d2srv47-debuginfo-2.6.3-150600.13.6.1
  * libkea-database62-debuginfo-2.6.3-150600.13.6.1
  * libkea-log61-debuginfo-2.6.3-150600.13.6.1
  * libkea-mysql71-2.6.3-150600.13.6.1
  * libkea-cfgclient66-2.6.3-150600.13.6.1
  * kea-debugsource-2.6.3-150600.13.6.1
  * libkea-mysql71-debuginfo-2.6.3-150600.13.6.1
  * libkea-eval69-debuginfo-2.6.3-150600.13.6.1
  * libkea-pgsql71-2.6.3-150600.13.6.1
  * kea-2.6.3-150600.13.6.1
  * libkea-database62-2.6.3-150600.13.6.1
  * libkea-pgsql71-debuginfo-2.6.3-150600.13.6.1
  * libkea-hooks100-2.6.3-150600.13.6.1
  * libkea-http72-debuginfo-2.6.3-150600.13.6.1
  * libkea-tcp19-2.6.3-150600.13.6.1
  * libkea-http72-2.6.3-150600.13.6.1
  * libkea-dhcpsrv111-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiodns49-2.6.3-150600.13.6.1
  * libkea-cc68-debuginfo-2.6.3-150600.13.6.1
  * libkea-util-io0-2.6.3-150600.13.6.1
  * libkea-asiolink72-2.6.3-150600.13.6.1
  * libkea-dhcp++92-debuginfo-2.6.3-150600.13.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * kea-doc-2.6.3-150600.13.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libkea-util86-debuginfo-2.6.3-150600.13.6.1
  * python3-kea-2.6.3-150600.13.6.1
  * libkea-dhcpsrv111-2.6.3-150600.13.6.1
  * libkea-exceptions33-debuginfo-2.6.3-150600.13.6.1
  * libkea-cfgclient66-debuginfo-2.6.3-150600.13.6.1
  * libkea-eval69-2.6.3-150600.13.6.1
  * libkea-log61-2.6.3-150600.13.6.1
  * kea-debuginfo-2.6.3-150600.13.6.1
  * libkea-util86-2.6.3-150600.13.6.1
  * kea-hooks-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiodns49-debuginfo-2.6.3-150600.13.6.1
  * libkea-dns++57-2.6.3-150600.13.6.1
  * libkea-cryptolink50-2.6.3-150600.13.6.1
  * libkea-process74-debuginfo-2.6.3-150600.13.6.1
  * libkea-dhcp_ddns57-debuginfo-2.6.3-150600.13.6.1
  * libkea-cryptolink50-debuginfo-2.6.3-150600.13.6.1
  * kea-devel-2.6.3-150600.13.6.1
  * libkea-stats41-2.6.3-150600.13.6.1
  * libkea-util-io0-debuginfo-2.6.3-150600.13.6.1
  * libkea-hooks100-debuginfo-2.6.3-150600.13.6.1
  * libkea-process74-2.6.3-150600.13.6.1
  * libkea-stats41-debuginfo-2.6.3-150600.13.6.1
  * libkea-tcp19-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiolink72-debuginfo-2.6.3-150600.13.6.1
  * libkea-d2srv47-2.6.3-150600.13.6.1
  * libkea-dns++57-debuginfo-2.6.3-150600.13.6.1
  * libkea-cc68-2.6.3-150600.13.6.1
  * libkea-exceptions33-2.6.3-150600.13.6.1
  * kea-hooks-2.6.3-150600.13.6.1
  * libkea-dhcp++92-2.6.3-150600.13.6.1
  * libkea-dhcp_ddns57-2.6.3-150600.13.6.1
  * libkea-d2srv47-debuginfo-2.6.3-150600.13.6.1
  * libkea-database62-debuginfo-2.6.3-150600.13.6.1
  * libkea-log61-debuginfo-2.6.3-150600.13.6.1
  * libkea-mysql71-2.6.3-150600.13.6.1
  * libkea-cfgclient66-2.6.3-150600.13.6.1
  * kea-debugsource-2.6.3-150600.13.6.1
  * libkea-mysql71-debuginfo-2.6.3-150600.13.6.1
  * libkea-eval69-debuginfo-2.6.3-150600.13.6.1
  * libkea-pgsql71-2.6.3-150600.13.6.1
  * kea-2.6.3-150600.13.6.1
  * libkea-database62-2.6.3-150600.13.6.1
  * libkea-pgsql71-debuginfo-2.6.3-150600.13.6.1
  * libkea-hooks100-2.6.3-150600.13.6.1
  * libkea-http72-debuginfo-2.6.3-150600.13.6.1
  * libkea-tcp19-2.6.3-150600.13.6.1
  * libkea-http72-2.6.3-150600.13.6.1
  * libkea-dhcpsrv111-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiodns49-2.6.3-150600.13.6.1
  * libkea-cc68-debuginfo-2.6.3-150600.13.6.1
  * libkea-util-io0-2.6.3-150600.13.6.1
  * libkea-asiolink72-2.6.3-150600.13.6.1
  * libkea-dhcp++92-debuginfo-2.6.3-150600.13.6.1
* openSUSE Leap 15.6 (noarch)
  * kea-doc-2.6.3-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libkea-util86-debuginfo-2.6.3-150600.13.6.1
  * python3-kea-2.6.3-150600.13.6.1
  * libkea-dhcpsrv111-2.6.3-150600.13.6.1
  * libkea-exceptions33-debuginfo-2.6.3-150600.13.6.1
  * libkea-cfgclient66-debuginfo-2.6.3-150600.13.6.1
  * libkea-eval69-2.6.3-150600.13.6.1
  * libkea-log61-2.6.3-150600.13.6.1
  * kea-debuginfo-2.6.3-150600.13.6.1
  * libkea-util86-2.6.3-150600.13.6.1
  * kea-hooks-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiodns49-debuginfo-2.6.3-150600.13.6.1
  * libkea-dns++57-2.6.3-150600.13.6.1
  * libkea-cryptolink50-2.6.3-150600.13.6.1
  * libkea-process74-debuginfo-2.6.3-150600.13.6.1
  * libkea-dhcp_ddns57-debuginfo-2.6.3-150600.13.6.1
  * libkea-cryptolink50-debuginfo-2.6.3-150600.13.6.1
  * kea-devel-2.6.3-150600.13.6.1
  * libkea-stats41-2.6.3-150600.13.6.1
  * libkea-util-io0-debuginfo-2.6.3-150600.13.6.1
  * libkea-hooks100-debuginfo-2.6.3-150600.13.6.1
  * libkea-process74-2.6.3-150600.13.6.1
  * libkea-stats41-debuginfo-2.6.3-150600.13.6.1
  * libkea-tcp19-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiolink72-debuginfo-2.6.3-150600.13.6.1
  * libkea-d2srv47-2.6.3-150600.13.6.1
  * libkea-dns++57-debuginfo-2.6.3-150600.13.6.1
  * libkea-cc68-2.6.3-150600.13.6.1
  * libkea-exceptions33-2.6.3-150600.13.6.1
  * kea-hooks-2.6.3-150600.13.6.1
  * libkea-dhcp++92-2.6.3-150600.13.6.1
  * libkea-dhcp_ddns57-2.6.3-150600.13.6.1
  * libkea-d2srv47-debuginfo-2.6.3-150600.13.6.1
  * libkea-database62-debuginfo-2.6.3-150600.13.6.1
  * libkea-log61-debuginfo-2.6.3-150600.13.6.1
  * libkea-mysql71-2.6.3-150600.13.6.1
  * libkea-cfgclient66-2.6.3-150600.13.6.1
  * kea-debugsource-2.6.3-150600.13.6.1
  * libkea-mysql71-debuginfo-2.6.3-150600.13.6.1
  * libkea-eval69-debuginfo-2.6.3-150600.13.6.1
  * libkea-pgsql71-2.6.3-150600.13.6.1
  * kea-2.6.3-150600.13.6.1
  * libkea-database62-2.6.3-150600.13.6.1
  * libkea-pgsql71-debuginfo-2.6.3-150600.13.6.1
  * libkea-hooks100-2.6.3-150600.13.6.1
  * libkea-http72-debuginfo-2.6.3-150600.13.6.1
  * libkea-tcp19-2.6.3-150600.13.6.1
  * libkea-http72-2.6.3-150600.13.6.1
  * libkea-dhcpsrv111-debuginfo-2.6.3-150600.13.6.1
  * libkea-asiodns49-2.6.3-150600.13.6.1
  * libkea-cc68-debuginfo-2.6.3-150600.13.6.1
  * libkea-util-io0-2.6.3-150600.13.6.1
  * libkea-asiolink72-2.6.3-150600.13.6.1
  * libkea-dhcp++92-debuginfo-2.6.3-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * kea-doc-2.6.3-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32801.html
* https://www.suse.com/security/cve/CVE-2025-32802.html
* https://www.suse.com/security/cve/CVE-2025-32803.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243240
-------------------------------------------------------------------------
Debian Security Advisory DSA-6035-1

It was discovered that insecure path handling in the Python interface to the Internet Archive/archive.org could result in overwriting a user's files.

For the oldstable distribution (bookworm), this problem has been fixed in version 3.3.0-2~deb12u1.
==========================================================================
Ubuntu Security Notice USN-7271-1
February 18, 2025

python-virtualenv vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

python-virtualenv could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- python-virtualenv: Python virtual environment creator

Details:

It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  python3-virtualenv    20.13.0+ds-2ubuntu0.1~esm1  (Available with Ubuntu Pro)
  virtualenv            20.13.0+ds-2ubuntu0.1~esm1  (Available with Ubuntu Pro)

Ubuntu 20.04 LTS
  python3-virtualenv    20.0.17-1ubuntu0.4+esm1     (Available with Ubuntu Pro)
  virtualenv            20.0.17-1ubuntu0.4+esm1     (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7271-1
  CVE-2024-53899
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4046-1

A flaw was discovered in ark, an archive utility for the KDE platform. Ark extracted archives with absolute paths to the corresponding location on the user's file system. Absolute paths are now treated as relative paths to prevent overwriting of sensitive information.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c94f884440
2024-09-22 02:03:26.291758
--------------------------------------------------------------------------------

Name        : less
Product     : Fedora 39
Version     : 633
Release     : 4.fc39
URL         : https://www.greenwoodsoftware.com/less/
Summary     : A text file browser similar to more, but better
Description :
The less utility is a text file browser that resembles more, but has more capabilities. Less allows you to move backwards in the file as well as forwards. Since less doesn't have to read the entire input file before it starts, less starts up more quickly than text editors (for example, vi). You should install less because it is a basic utility for viewing text files, and you'll use it frequently.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-32487 - less with LESSOPEN mishandles \n in paths
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 21 2024 Michal Hlavinka - 643-6
- fix CVE-2024-32487 - less with LESSOPEN mishandles \n in paths (#2274981)
* Sun Jul 28 2024 Michal Hlavinka - 633-3
- fix incorrect display when filename contains control chars
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2274980 - CVE-2024-32487 less: OS command injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2274980
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c94f884440' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
# Security update for haproxy

Announcement ID: SUSE-SU-2023:4646-1
Rating: moderate
References:

* bsc#1214102
* bsc#1217653

Cross-References:

* CVE-2023-40225
* CVE-2023-45539

CVSS scores:

* CVE-2023-40225 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-40225 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2023-45539 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45539 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for haproxy fixes the following issues:

* CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
* CVE-2023-40225: reject any empty content-length header value (bsc#1214102).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4646=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
  * haproxy-debugsource-2.0.31-150100.8.34.1
  * haproxy-debuginfo-2.0.31-150100.8.34.1
  * haproxy-2.0.31-150100.8.34.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40225.html
* https://www.suse.com/security/cve/CVE-2023-45539.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214102
* https://bugzilla.suse.com/show_bug.cgi?id=1217653
MGASA-2022-0356 - Updated golang packages fix security vulnerability

Publication date: 05 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0356.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-27664, CVE-2022-32190

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664)

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "", despite the JoinPath documentation stating that ../ path elements are removed from the result. (CVE-2022-32190)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30835
- https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
- https://lists.fedoraproject.org/archives/list/
MGASA-2022-0280 - Updated ruby-sinatra packages fix security vulnerability

Publication date: 13 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0280.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-29970

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. (CVE-2022-29970)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30542
- https://lists.suse.com/pipermail/sle-security-updates/2022-June/011265.html
- https://www.cve.org/CVERecord?id=CVE-2022-29970

SRPMS:
- 8/core/ruby-sinatra-2.0.8.1-1.1.mga8