Exim could be made to crash or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-8270-1
May 12, 2026

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Exim could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 26.04 LTS
  exim4 4.99.1-1ubuntu1.2
  exim4-base 4.99.1-1ubuntu1.2
  eximon4 4.99.1-1ubuntu1.2

Ubuntu 25.10
  exim4 4.98.2-1ubuntu2.2
  exim4-base 4.98.2-1ubuntu2.2
  eximon4 4.98.2-1ubuntu2.2

Ubuntu 24.04 LTS
  exim4 4.97-4ubuntu4.5
  exim4-base 4.97-4ubuntu4.5
  eximon4 4.97-4ubuntu4.5

Ubuntu 22.04 LTS
  exim4 4.95-4ubuntu2.8
  exim4-base 4.95-4ubuntu2.8
  eximon4 4.95-4ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8270-1
  https://launchpad.net/bugs/2152202

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.2
  https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.5
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.8

Exim in Ubuntu is vulnerable to DoS attacks from crafted traffic, updates recommended for systems affected.

Exim, Ubuntu, security issue, DoS, system update.

Severity: Important.

LinuxSecurity.com Team
Ruby could be made to crash or run programs as your login if it opened a specially crafted file.

==========================================================================
Ubuntu Security Notice USN-6838-2
February 10, 2025

ruby2.3, ruby2.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Ruby could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- ruby2.5: Object-oriented scripting language
- ruby2.3: Object-oriented scripting language

Details:

USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5.

Original advisory details:

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-27281)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  libruby2.5 2.5.1-1ubuntu1.16+esm3  Available with Ubuntu Pro
  ruby2.5 2.5.1-1ubuntu1.16+esm3  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libruby2.3 2.3.1-2~ubuntu16.04.16+esm9  Available with Ubuntu Pro
  ruby2.3 2.3.1-2~ubuntu16.04.16+esm9  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6838-2
  https://ubuntu.com/security/notices/USN-6838-1
  CVE-2024-27281

Secure your Ubuntu Ruby packages against vulnerabilities that can lead to arbitrary code execution by following these essential steps for updating and verifying installations.

ruby2.5 update, ruby2.3 advisory, Ubuntu security notice, execution flaw fix.

Severity: Critical.

LinuxSecurity.com Team
New gimp packages are available for Slackware 15.0 and -current to fix security issues.

[slackware-security] gimp (SSA:2023-320-01)

New gimp packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/gimp-2.10.36-i586-1_slack15.0.txz: Upgraded.
  This release fixes security issues:
  If a user loads a malicious DDS, PSD, or PSP file, this could result in a program crash or possibly the execution of arbitrary code.
  Please note that this package also requires the updated gegl package.
  Thanks to henca for the heads-up.
  For more information, see:
    https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
    https://www.cve.org/CVERecord?id=CVE-2023-44441
    https://www.cve.org/CVERecord?id=CVE-2023-44442
    https://www.cve.org/CVERecord?id=CVE-2023-44443
    https://www.cve.org/CVERecord?id=CVE-2023-44444
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gimp-2.10.36-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 15.0 package:
405c519ddcdd8b84299315dd567c014e  gimp-2.10.36-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
03365737f0bfbe3bb2307b6b4670610b  gimp-2.10.36-x86_64-1_slack15.0.txz

Slackware -current package:
2e4fd2a98e7b7f5cb3fa70242accd547  xap/gimp-2.10.36-i586-1.txz

Slackware x86_64 -current package:
1935e4ebc9980f687283785870ae3812  xap/gimp-2.10.36-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gimp-2.10.36-i586-1_slack15.0.txz

+-----+

Gimp upgrade for Slackware 15.0 resolves significant vulnerabilities, enhancing user protection and program reliability.

Gimp Security Fix, Slackware Update, Software Patch.

Severity: Critical.

LinuxSecurity.com Team
GStreamer Base Plugins could be made to crash or run programs if it opened a specially crafted file.

==========================================================================
Ubuntu Security Notice USN-6268-1
August 02, 2023

gst-plugins-base1.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GStreamer Base Plugins could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- gst-plugins-base1.0: GStreamer plugins

Details:

It was discovered that GStreamer Base Plugins incorrectly handled certain FLAC image tags. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-37327)

It was discovered that GStreamer Base Plugins incorrectly handled certain subtitles. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-37328)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  gstreamer1.0-plugins-base 1.22.1-1ubuntu1.1

Ubuntu 22.04 LTS:
  gstreamer1.0-plugins-base 1.20.1-1ubuntu0.1

Ubuntu 20.04 LTS:
  gstreamer1.0-plugins-base 1.16.3-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6268-1
  CVE-2023-37327, CVE-2023-37328

Package Information:
  https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.22.1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.20.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.16.3-0ubuntu1.2

Enhance your Ubuntu security by applying updates for GStreamer Base Plugins to fix vulnerabilities that could lead to denial of service attacks or unauthorized code execution.

GStreamer Base, Ubuntu Security, Denial Of Service, Update Instructions.

Severity: Critical.

LinuxSecurity.com Team
cups-filters could be made to crash or run programs if it received specially crafted network traffic.

=========================================================================
Ubuntu Security Notice USN-6083-1
May 17, 2023

cups-filters vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

cups-filters could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  cups-filters 2.0~rc1-0ubuntu1.2

Ubuntu 22.10:
  cups-filters 1.28.16-1ubuntu0.2

Ubuntu 22.04 LTS:
  cups-filters 1.28.15-0ubuntu1.2

Ubuntu 20.04 LTS:
  cups-filters 1.27.4-1ubuntu0.2

Ubuntu 18.04 LTS:
  cups-filters 1.20.2-0ubuntu3.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6083-1
  CVE-2023-24805

Package Information:
  https://launchpad.net/ubuntu/+source/cups-filters/2.0~rc1-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/cups-filters/1.28.16-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/cups-filters/1.28.15-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/cups-filters/1.27.4-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/cups-filters/1.20.2-0ubuntu3.3

A vulnerability in the CUPS filters of Ubuntu might allow malicious network traffic to cause system crashes or execute arbitrary programs.

cups-filters, Remote Code Execution, Ubuntu Security.

Severity: Critical.

LinuxSecurity.com Team
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. (CVE-2022-2519) A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when

MGASA-2022-0410 - Updated libtiff packages fix security vulnerability

Publication date: 08 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0410.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3570, CVE-2022-3598

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. (CVE-2022-2519)

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. (CVE-2022-2520)

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (CVE-2022-2521)

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact. (CVE-2022-3570)

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3598)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30999
- https://ubuntu.com/security/notices/USN-5705-1
- https://www.cve.org/CVERecord?id=CVE-2022-2519
- https://www.cve.org/CVERecord?id=CVE-2022-2520
- https://www.cve.org/CVERecord?id=CVE-2022-2521
- https://www.cve.org/CVERecord?id=CVE-2022-3570
- https://www.cve.org/CVERecord?id=CVE-2022-3598

SRPMS:
- 8/core/libtiff-4.2.0-1.9.mga8

Mageia's recent libtiff update tackles severe remote threats, averting system crashes and data breaches due to malicious inputs.

libtiff security, Mageia update, security vulnerability, memory corruption, program crash.

LinuxSecurity.com Team
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272). A flaw was found in jasper. An out of bounds read issue was found in jp2_decode

MGASA-2021-0113 - Updated jasper packages fix security vulnerability

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0113.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-3272, CVE-2021-26926, CVE-2021-26927

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272).

A flaw was found in jasper. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash (CVE-2021-26926).

A flaw was found in jasper. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service (CVE-2021-26927).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28318
- https://lists.fedoraproject.org/archives/list/
GNU Screen could be made to crash or run programs if it processed specially crafted character sequences.

=========================================================================
Ubuntu Security Notice USN-4747-1
February 24, 2021

screen vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GNU Screen could be made to crash or run programs if it processed specially crafted character sequences.

Software Description:
- screen: terminal multiplexer with VT100/ANSI terminal emulation

Details:

Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10:
  screen 4.8.0-2ubuntu0.1

Ubuntu 20.04 LTS:
  screen 4.8.0-1ubuntu0.1

Ubuntu 18.04 LTS:
  screen 4.6.2-1ubuntu1.1

Ubuntu 16.04 LTS:
  screen 4.3.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4747-1
  CVE-2021-26937

Package Information:
  https://launchpad.net/ubuntu/+source/screen/4.8.0-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/screen/4.8.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/screen/4.6.2-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/screen/4.3.1-2ubuntu0.1

Exploit discovered in GNU Screen enables potential system crash or unauthorized execution in Ubuntu. A patch is essential for impacted versions.

GNU Screen Vulnerability, Ubuntu Security Update, Denial Of Service.

Severity: Critical.

LinuxSecurity.com Team