Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
172
security advisoryUbuntuimportantUbuntu 22.04 Tar-FS Important Security Flaws USN-8367-1
Several security issues were fixed in tar-fs.. ========================================================================== Ubuntu Security Notice USN-8367-1 June 02, 2026 node-tar-fs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in tar-fs. Software Description: - node-tar-fs: File system bindings for tar-stream Details: It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-12905) It was discovered that tar-fs did not properly validate extraction paths for certain crafted tar archives. An attacker could possibly use this issue to write files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-48387) It was discovered that tar-fs had a symlink validation bypass when extracting crafted tar files. An attacker could possibly use this issue to write files outside the intended extraction directory. (CVE-2025-59343) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 node-tar-fs 3.0.9+~cs2.0.4-1+deb13u1build0.25.10.1 Ubuntu 24.04 LTS node-tar-fs 2.1.1-6ubuntu0.24.04.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS node-tar-fs 2.1.1-6ubuntu0.22.04.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8367-1 CVE-2024-12905, CVE-2025-48387, CVE-2025-59343 Package Information: https://launchpad.net/ubuntu/+source/node-tar-fs/3.0.9+~cs2.0.4-1+deb13u1build0.25.10.1 . Multiple critical issues in tar-fs affecting Ubuntu 22.04 and 24.04 require immediate updates to ensure system security.. tar-fs vulnerabilities, Ubuntu 22.04 security, file extraction risk. . Severity: Important. LinuxSecurity.com Team
Jun 02, 2026
•Important
Ubuntu
89
security advisoryfedoraimportantFedora 43 scitokens-cpp Important Boundary Validation Update Found
Fix scope path boundary validation to deny sibling-prefix authorization bypasses Reject parent-directory traversal in scope paths, including encoded traversal forms Add regression tests covering sibling-prefix and traversal authorization checks. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-52c99ecf64 2026-03-23 01:07:08.010689+00:00 -------------------------------------------------------------------------------- Name : scitokens-cpp Product : Fedora 43 Version : 1.4.1 Release : 1.fc43 URL : https://github.com/scitokens/scitokens-cpp Summary : C++ Implementation of the SciTokens Library Description : C++ Implementation of the SciTokens Library -------------------------------------------------------------------------------- Update Information: Fix scope path boundary validation to deny sibling-prefix authorization bypasses Reject parent-directory traversal in scope paths, including encoded traversal forms Add regression tests covering sibling-prefix and traversal authorization checks -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 13 2026 Derek Weitzel - 1.4.1-1 - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded traversal forms - Add regression tests covering sibling-prefix and traversal authorization checks -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-52c99ecf64' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 23, 2026
•Important
Fedora
89
security advisoryfedoraauthorization bypassFedora 44 SciTokens-CPP Critical Path Validation Fix 2026-176625c3fc
Fix scope path boundary validation to deny sibling-prefix authorization bypasses Reject parent-directory traversal in scope paths, including encoded traversal forms Add regression tests covering sibling-prefix and traversal authorization checks. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-176625c3fc 2026-03-23 00:15:11.960107+00:00 -------------------------------------------------------------------------------- Name : scitokens-cpp Product : Fedora 44 Version : 1.4.1 Release : 1.fc44 URL : https://github.com/scitokens/scitokens-cpp Summary : C++ Implementation of the SciTokens Library Description : C++ Implementation of the SciTokens Library -------------------------------------------------------------------------------- Update Information: Fix scope path boundary validation to deny sibling-prefix authorization bypasses Reject parent-directory traversal in scope paths, including encoded traversal forms Add regression tests covering sibling-prefix and traversal authorization checks -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 13 2026 Derek Weitzel - 1.4.1-1 - Fix scope path boundary validation to deny sibling-prefix authorization bypasses - Reject parent-directory traversal in scope paths, including encoded traversal forms - Add regression tests covering sibling-prefix and traversal authorization checks -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-176625c3fc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 23, 2026
Fedora
202
security advisorysoftware updatesecurity fixopenSUSE: 2021:0295-1 Important: librepo Path Issue Moderate Fix
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for librepo ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0295-1 Rating: important References: #1175475 Cross-References: CVE-2020-14352 CVSS scores: CVE-2020-14352 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-14352 (SUSE): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352) - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl (rh#1775184) + Decode package URL when using for local filename (rh#1817130) + Fix memory leak in lr_download_metadata() and lr_yum_download_remote() + Download sources work when at least one of specified is working (rh#1775184) This update was imported from the SUSE:SLE-15-SP2:Update update project. This update was imported from the openSUSE:Leap:15.2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2021-295=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): librepo-devel-1.12.1-bp152.2.6.1 librepo0-1.12.1-bp152.2.6.1 python3-librepo-1.12.1-bp152.2.6.1 References: https://www.suse.com/security/cve/CVE-2020-14352.html https://bugzilla.suse.com/1175475 . A crucial announcement for openSUSEaddresses a vulnerability in librepo through improved path validation to ensure stronger security.. openSUSE Security Update, librepo patch, software security advisory. . Severity: Important. LinuxSecurity.com Team
Feb 15, 2021
•Important
OpenSUSE
202
security advisoryupdateupdate informationopenSUSE Leap 15.2: openSUSE-SU-2021:0277-1 Important: Librepo Path Issue
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for librepo ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0277-1 Rating: important References: #1175475 Cross-References: CVE-2020-14352 CVSS scores: CVE-2020-14352 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-14352 (SUSE): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for librepo fixes the following issues: - Upgrade to 1.12.1 + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352) - Changes from 1.12.0 + Prefer mirrorlist/metalink over baseurl (rh#1775184) + Decode package URL when using for local filename (rh#1817130) + Fix memory leak in lr_download_metadata() and lr_yum_download_remote() + Download sources work when at least one of specified is working (rh#1775184) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-277=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): librepo-debuginfo-1.12.1-lp152.2.6.1 librepo-debugsource-1.12.1-lp152.2.6.1 librepo-devel-1.12.1-lp152.2.6.1 librepo0-1.12.1-lp152.2.6.1 librepo0-debuginfo-1.12.1-lp152.2.6.1 python3-librepo-1.12.1-lp152.2.6.1 python3-librepo-debuginfo-1.12.1-lp152.2.6.1 References: https://www.suse.com/security/cve/CVE-2020-14352.html https://bugzilla.suse.com/1175475 . An essential patch for librepo in openSUSE has been released to resolve CVE-2020-14352, with critical updates now accessible.. OpenSUSE Security Update, Librepo Fix, Important Update. . Severity: Important. LinuxSecurity.com Team
Feb 12, 2021
•Important
OpenSUSE
89
security advisoryupdateFedoraFedora 31: FEDORA-2020-7906a64449 Critical Directory Traversal Issue
- Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-7906a64449 2020-10-18 15:47:50.624333 --------------------------------------------------------------------------------Name : librepo Product : Fedora 31 Version : 1.12.1 Release : 1.fc31 URL : https://github.com/rpm-software-management/librepo Summary : Repodata downloading library Description : A library providing C and Python (libcURL like) API to downloading repository metadata. --------------------------------------------------------------------------------Update Information: - Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) --------------------------------------------------------------------------------ChangeLog: * Wed Oct 7 2020 Nicola Sella - 1.12.1-1 * Update to 1.12.1 - Validate path read from repomd.xml (RhBug:1868639) --------------------------------------------------------------------------------References: [ 1 ] Bug #1868639 - CVE-2020-14352 librepo: missing path validation in repomd.xml may lead to directory traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1868639 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-7906a64449' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Oct 18, 2020
•Critical
Fedora
87
security advisorydenial of servicecriticalDebian: DSA-4626-1 Critical Update for PHP7.3 Security Issues
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4626-1
Feb 17, 2020
•Critical
Debian
100
security advisorymoderateXSSSUSE: 2019:2743-1 Moderate: Python Path Validation and XSS Fix
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2743-1 Rating: moderate References: #1130840 #1149955 #1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 CVE-2019-9947 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patchSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2743=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2743=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2743=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 python-curses-2.7.14-7.24.1 python-curses-debuginfo-2.7.14-7.24.1 python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-devel-2.7.14-7.24.1 python-gdbm-2.7.14-7.24.1 python-gdbm-debuginfo-2.7.14-7.24.1 python-xml-2.7.14-7.24.1 python-xml-debuginfo-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-demo-2.7.14-7.24.1 python-idle-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython2_7-1_0-32bit-2.7.14-7.24.1 libpython2_7-1_0-32bit-debuginfo-2.7.14-7.24.1 python-32bit-2.7.14-7.24.1 python-32bit-debuginfo-2.7.14-7.24.1 python-base-32bit-2.7.14-7.24.1 python-base-32bit-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-doc-2.7.14-7.24.2 python-doc-pdf-2.7.14-7.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-demo-2.7.14-7.24.1 python-idle-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.24.2 python-doc-pdf-2.7.14-7.24.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-tk-2.7.14-7.24.1 python-tk-debuginfo-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-tk-2.7.14-7.24.1 python-tk-debuginfo-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.24.1 libpython2_7-1_0-debuginfo-2.7.14-7.24.1 python-2.7.14-7.24.1 python-base-2.7.14-7.24.1 python-base-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.24.1 libpython2_7-1_0-debuginfo-2.7.14-7.24.1 python-2.7.14-7.24.1 python-base-2.7.14-7.24.1 python-base-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 python-curses-2.7.14-7.24.1 python-curses-debuginfo-2.7.14-7.24.1 python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-devel-2.7.14-7.24.1 python-gdbm-2.7.14-7.24.1 python-gdbm-debuginfo-2.7.14-7.24.1 python-xml-2.7.14-7.24.1 python-xml-debuginfo-2.7.14-7.24.1 References: https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-16935.html https://www.suse.com/security/cve/CVE-2019-9947.html https://bugzilla.suse.com/1130840 https://bugzilla.suse.com/1149955 https://bugzilla.suse.com/1153238 _______________________________________________ sle-security-updates mailing list
Oct 22, 2019
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!