
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian LTS: DLA-3036-1 Moderate: pjproject Denial Of Service Threat

Debian LTS Advisory DLA-3036-1
https://www.debian.org/lts/security/
Abhijith PA
May 31, 2022
https://wiki.debian.org/LTS

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u5
CVE ID : CVE-2022-24763 CVE-2022-24792 CVE-2022-24793

Multiple security issues were discovered in pjproject, a free and open source multimedia communication library.

CVE-2022-24763: A denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps.

CVE-2022-24792: A denial-of-service vulnerability affects applications on 32-bit systems that play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files.

CVE-2022-24793: A buffer overflow vulnerability affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver.

For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u5.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Important. LinuxSecurity.com Team

May 31, 2022 | Important | Debian LTS

Debian 9: DLA-2962-2 Critical: PJProject Security Regression Fix

Debian LTS Advisory DLA-2962-2
https://www.debian.org/lts/security/
Abhijith PA
March 31, 2022
https://wiki.debian.org/LTS

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u4
CVE ID : CVE-2022-23608

The security update announced as DLA 2962-1 has a regression due to a mistake in the backported CVE-2022-23608 patch. Updated packages of pjproject are now available.

For Debian 9 stretch, this problem has been fixed in version 2.5.5~dfsg-6+deb9u4.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

Mar 31, 2022 | Critical | Debian LTS

Debian: DLA-2962-1 Critical pjproject Denial Of Service Issues

Debian LTS Advisory DLA-2962-1
https://www.debian.org/lts/security/
Abhijith PA
March 28, 2022
https://wiki.debian.org/LTS

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u3
CVE ID : CVE-2021-32686 CVE-2021-37706 CVE-2021-41141 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24754 CVE-2022-24764

Multiple security issues were discovered in pjproject, a free and open source multimedia communication library.

CVE-2021-32686: A race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. They cause a crash, resulting in a denial of service.

CVE-2021-37706: An incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine.

CVE-2021-41141: In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for the users.

CVE-2021-43299: Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43300: Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43301: Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43302: Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.

CVE-2021-43303: Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied.

CVE-2021-43804: An incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. A malicious actor can send a RTCP BYE message with an invalid reason length.

CVE-2021-43845: If an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access.

CVE-2022-21722: It is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP.

CVE-2022-21723: Parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart.

CVE-2022-23608: When in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop.

CVE-2022-24754: There is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`).

CVE-2022-24764: A stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`.

For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u3.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

Mar 28, 2022 | Critical | Debian LTS

Mageia 8: MGASA-2021-0559 Moderate: PJProject Denial Of Service Risk

MGASA-2021-0559 - Updated pjproject packages fix security vulnerability

Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0559.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-32686

Updated pjproject packages fix security vulnerability:

In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service (CVE-2021-32686).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29317
- https://www.cve.org/CVERecord?id=CVE-2021-32686

SRPMS:
- 8/core/pjproject-2.10-5.3.mga8

LinuxSecurity.com Team

Dec 19, 2021 | Mageia

Mageia 8 Moderate Advisory: PJProject Man-In-The-Middle & DoS Threats

MGASA-2021-0337 - Updated pjproject packages fix security vulnerabilities

Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0337.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-15260, CVE-2021-21375

Currently, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows a man-in-the-middle attack if the attacker can route a connection to another destination, such as in the case of DNS spoofing (CVE-2020-15260).

An issue has been found in pjproject. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service (CVE-2021-21375).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28998
- https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
- https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
- https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html
- https://www.cve.org/CVERecord?id=CVE-2020-15260
- https://www.cve.org/CVERecord?id=CVE-2021-21375

SRPMS:
- 8/core/pjproject-2.10-5.2.mga8

Severity: Important. LinuxSecurity.com Team

Jul 10, 2021 | Important | Mageia

Mageia 7: MGASA-2021-0336 Denial Of Service Risk in PJProject

MGASA-2021-0336 - Updated pjproject packages fix a security vulnerability

Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0336.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-21375

An issue has been found in pjproject. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service (CVE-2021-21375).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28998
- https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
- https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html
- https://www.cve.org/CVERecord?id=CVE-2021-21375

SRPMS:
- 7/core/pjproject-2.7.2-1.1.mga7

Severity: Important. LinuxSecurity.com Team

Jul 10, 2021 | Important | Mageia

Debian 9 DLA-2665-1 Critical: Ring Denial Of Service Issue

Debian LTS Advisory DLA-2665-1
https://www.debian.org/lts/security/
Thorsten Alteholz
May 23, 2021
https://wiki.debian.org/LTS

Package : ring
Version : 20161221.2.7bd7d91~dfsg1-1+deb9u1
CVE ID : CVE-2021-21375

An issue has been found in ring, a secure and distributed voice, video and chat platform. Actually the embedded copy of pjproject is affected by this CVE. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service.

For Debian 9 stretch, this problem has been fixed in version 20161221.2.7bd7d91~dfsg1-1+deb9u1.

We recommend that you upgrade your ring packages.

For the detailed security status of ring please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/ring

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

May 23, 2021 | Critical | Debian LTS

Debian 9: DLA-2636-1 Moderate: pjproject Denial Of Service Issue

Debian LTS Advisory DLA-2636-1
https://www.debian.org/lts/security/
Thorsten Alteholz
April 23, 2021
https://wiki.debian.org/LTS

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u2
CVE ID : CVE-2021-21375

An issue has been found in pjproject, a set of libraries for the PJ Project. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service.

For Debian 9 stretch, this problem has been fixed in version 2.5.5~dfsg-6+deb9u2.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

LinuxSecurity.com Team

Apr 23, 2021 | Debian LTS