--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ca1077dd2e
2026-03-07 00:17:58.502085+00:00
--------------------------------------------------------------------------------

Name        : valkey
Product     : Fedora 44
Version     : 9.0.3
Release     : 1.fc44
URL         : https://valkey.io
Summary     : A persistent key-value database
Description :

Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either by
dumping the dataset to disk every once in a while, or by appending each
command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split and
so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.

You can use Valkey from most programming languages also.

See https://valkey.io/topics/

--------------------------------------------------------------------------------
Update Information:

Valkey 9.0.3 - February 23, 2026

Upgrade urgency SECURITY: This release includes security fixes we recommend
you apply as soon as possible.

Security fixes

- (CVE-2025-67733) RESP Protocol Injection via Lua error_reply
- (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message
- (CVE-2026-27623) Reset request type after handling empty requests

Bug fixes

- Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160)
- Fix server assert on ACL LOAD when current user loses permission to channels (#3182)
- Fix bug causing no response flush sometimes when IO threads are busy (#3205)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Remi Collet - 9.0.3-1
- Valkey 9.0.3 - February 23, 2026
- Upgrade urgency SECURITY: This release includes security fixes

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2442220 - CVE-2025-67733 valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2442220
  [ 2 ] Bug #2442222 - CVE-2026-27623 valkey: Valkey: Denial of Service via specially crafted network requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2442222
  [ 3 ] Bug #2442231 - CVE-2026-21863 valkey: Valkey: Denial of Service via invalid clusterbus packet [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2442231

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ca1077dd2e' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

This update for Jetty, a Java servlet engine and web server, addresses a protocol-level vulnerability in HTTP/2 support also referred to as "MadeYouReset".

-------------------------------------------------------------------------
Debian Security Advisory DSA-6006-1

openSUSE Security Update: Security update for python-django-grappelli
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0017-1
Rating:             moderate
References:         #1216481
Cross-References:   CVE-2021-46898
CVSS scores:
                    CVE-2021-46898 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-django-grappelli fixes the following issues:

Update to 2.14.4:

- CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481)
- Fixed: Redirect with switch user.
- Improved: Remove extra filtering in AutocompleteLookup.
- Improved: Added import statement with URLs for quickstart docs.
- Improved: Added additional blocks with inlines to allow override.
- Fixed: Compatibility with Django 3.1.
- Fixed: Docs about adding Grappelli documentation URLS.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

  zypper in -t patch openSUSE-2024-17=1

Package List:

- openSUSE Backports SLE-15-SP5 (noarch):

  python3-django-grappelli-2.14.4-bp155.3.3.1

References:

https://www.suse.com/security/cve/CVE-2021-46898.html
https://bugzilla.suse.com/1216481

A fresh update for python-django-grappelli has been made available on openSUSE to tackle a security flaw associated with protocol integrity.

LinuxSecurity.com Team

==========================================================================
Ubuntu Security Notice USN-6560-2
January 11, 2024

openssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
 protocol was vulnerable to a prefix truncation attack. If a remote attacker
 was able to intercept SSH communications, extension negotiation messages
 could be truncated, possibly leading to certain algorithms and features
 being downgraded. This issue is known as the Terrapin attack. This update
 adds protocol extensions to mitigate this issue. (CVE-2023-48795)

 It was discovered that OpenSSH incorrectly handled user names or host names
 with shell metacharacters. An attacker could possibly use this issue to
 perform OS command injection. This only affected Ubuntu 18.04 LTS.
 (CVE-2023-51385)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  openssh-client    1:7.6p1-4ubuntu0.7+esm3
  openssh-server    1:7.6p1-4ubuntu0.7+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  openssh-client    1:7.2p2-4ubuntu2.10+esm5
  openssh-server    1:7.2p2-4ubuntu2.10+esm5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6560-2
  https://ubuntu.com/security/notices/USN-6560-1
  CVE-2023-48795, CVE-2023-51385

Security Notice USN-6560-2 for Ubuntu highlights critical security issues in OpenSSH with necessary mitigation steps.

Severity: Critical.

LinuxSecurity.com Team