Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Fedora 40: FEDORA-2024-a09456b7a9 moderate curl leak and disabled protocol

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-a09456b7a9
2024-04-19 21:20:20.797945
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 40
Version     : 8.6.0
Release     : 8.fc40
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

fix Usage of disabled protocol (CVE-2024-2004)
fix HTTP/2 push headers memory-leak (CVE-2024-2398)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 3 2024 Jan Macku - 8.6.0-8
- fix Usage of disabled protocol (CVE-2024-2004)
- fix HTTP/2 push headers memory-leak (CVE-2024-2398)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2270498 - CVE-2024-2398 curl: HTTP/2 push headers memory-leak
        https://bugzilla.redhat.com/show_bug.cgi?id=2270498
  [ 2 ] Bug #2270500 - CVE-2024-2004 curl: Usage of disabled protocol
        https://bugzilla.redhat.com/show_bug.cgi?id=2270500

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-a09456b7a9' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Fedora's curl Upgrade Addresses Inactive Protocol Utilization and Memory Leak Problems Alongside Setup Directions.

Fedora Curl Update, Memory Leak, Protocol Fix, Security Advisory.

LinuxSecurity.com Team

Apr 19, 2024 Fedora

SUSE: 2024:1151-1 Moderate Curl Memory Leak And Protocol Fix

# Security update for curl

Announcement ID: SUSE-SU-2024:1151-1
Rating: moderate

References:

  * bsc#1221665
  * bsc#1221667

Cross-References:

  * CVE-2024-2004
  * CVE-2024-2398

CVSS scores:

  * CVE-2024-2004 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
  * CVE-2024-2398 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

  * CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665)
  * CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-1151=1
  * openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1151=1
  * openSUSE Leap Micro 5.4
    zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1151=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-1151=1
  * SUSE Linux Enterprise High Performance Computing 15 SP4
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Linux Enterprise Server 15 SP4
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Manager Server 4.3
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Linux Enterprise Desktop 15 SP4
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Manager Retail Branch Server 4.3
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Manager Proxy 4.3
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2024-1151=1
  * SUSE Linux Enterprise High Performance Computing 15 SP5
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-1151=1
  * SUSE Linux Enterprise Server 15 SP5
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-1151=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-1151=1
  * SUSE Linux Enterprise Desktop 15 SP5
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2024-1151=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-1151=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-1151=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-1151=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-1151=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2024-1151=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1151=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * libcurl-devel-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * openSUSE Leap 15.4 (x86_64)
    * libcurl-devel-32bit-8.0.1-150400.5.44.1
    * libcurl4-32bit-8.0.1-150400.5.44.1
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.44.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libcurl-devel-64bit-8.0.1-150400.5.44.1
    * libcurl4-64bit-8.0.1-150400.5.44.1
    * libcurl4-64bit-debuginfo-8.0.1-150400.5.44.1
  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * libcurl-devel-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * openSUSE Leap 15.5 (x86_64)
    * libcurl-devel-32bit-8.0.1-150400.5.44.1
    * libcurl4-32bit-8.0.1-150400.5.44.1
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
    * libcurl4-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libcurl4-debuginfo-8.0.1-150400.5.44.1
    * curl-8.0.1-150400.5.44.1
    * libcurl4-8.0.1-150400.5.44.1
    * libcurl-devel-8.0.1-150400.5.44.1
    * curl-debugsource-8.0.1-150400.5.44.1
    * curl-debuginfo-8.0.1-150400.5.44.1
  * Basesystem Module 15-SP5 (x86_64)
    * libcurl4-32bit-8.0.1-150400.5.44.1
    * libcurl4-32bit-debuginfo-8.0.1-150400.5.44.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-2004.html
  * https://www.suse.com/security/cve/CVE-2024-2398.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1221665
  * https://bugzilla.suse.com/show_bug.cgi?id=1221667

The recent curl update fixes two significant problems: one related to protocol logic management and the other tackling potential memory leak vulnerabilities, both deemed moderately severe.

SUSE Security Update, Curl Memory Leak, Protocol Logic Fix.

LinuxSecurity.com Team

Apr 08, 2024 SuSE

Ubuntu 23.10 OpenSSH USN-6560-1 Critical: Protocol Attack Mitigation

==========================================================================
Ubuntu Security Notice USN-6560-1
December 19, 2023

openssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. (CVE-2023-48795)

Luci Stanescu discovered that OpenSSH incorrectly added destination constraints when smartcard keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-28531)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  openssh-client 1:9.3p1-1ubuntu3.1
  openssh-server 1:9.3p1-1ubuntu3.1

Ubuntu 23.04:
  openssh-client 1:9.0p1-1ubuntu8.6
  openssh-server 1:9.0p1-1ubuntu8.6

Ubuntu 22.04 LTS:
  openssh-client 1:8.9p1-3ubuntu0.5
  openssh-server 1:8.9p1-3ubuntu0.5

Ubuntu 20.04 LTS:
  openssh-client 1:8.2p1-4ubuntu0.10
  openssh-server 1:8.2p1-4ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-6560-1
  CVE-2023-28531, CVE-2023-48795

Package Information:

  https://launchpad.net/ubuntu/+source/openssh/1:9.3p1-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/openssh/1:9.0p1-1ubuntu8.6
  https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.5
  https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.10

Debian Security Notice DSN-3445-1 underscores vital OpenSSL updates correcting vulnerabilities in multiple releases.

OpenSSH Fix, Remote Access Security, Protocol Mitigation, System Update.

Severity: Critical.

LinuxSecurity.com Team

Dec 19, 2023 Critical Ubuntu

Fedora 35: FEDORA-2022-39688a779d Moderate: Curl HSTS Bypass Fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-39688a779d
2022-11-10 16:21:24.293504
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 35
Version     : 7.79.1
Release     : 7.fc35
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- url: use IDN decoded names for HSTS checks (CVE-2022-42916)
- http_proxy: restore the protocol pointer on error (CVE-2022-42915)
- netrc: replace fgets with Curl_get_line (CVE-2022-35260)
- fix POST following PUT confusion (CVE-2022-32221)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 26 2022 Kamil Dudka - 7.79.1-7
- url: use IDN decoded names for HSTS checks (CVE-2022-42916)
- http_proxy: restore the protocol pointer on error (CVE-2022-42915)
- netrc: replace fgets with Curl_get_line (CVE-2022-35260)
- fix POST following PUT confusion (CVE-2022-32221)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2137769 - CVE-2022-42916 curl: HSTS bypass via IDN [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2137769
  [ 2 ] Bug #2137780 - CVE-2022-32221 curl: POST following PUT confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2137780
  [ 3 ] Bug #2138111 - CVE-2022-42915 curl: HTTP proxy double-free [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2138111

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-39688a779d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

--------------------------------------------------------------------------------

The recent curl update for Fedora 35 enhances performance and security, focusing on improved IDN checks to handle non-ASCII domain names and fix HTTP proxy handling issues.

curl update, Fedora security, HTTP proxy, HSTS checks, protocol issues.

LinuxSecurity.com Team

Nov 10, 2022 Fedora

Moderate Security Advisory ELSA-2021-4059 for Curl in Oracle Linux 8

Oracle Linux Security Advisory ELSA-2021-4059

https://linux.oracle.com/errata/ELSA-2021-4059.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
  curl-7.61.1-18.el8_4.2.x86_64.rpm
  libcurl-7.61.1-18.el8_4.2.i686.rpm
  libcurl-7.61.1-18.el8_4.2.x86_64.rpm
  libcurl-devel-7.61.1-18.el8_4.2.i686.rpm
  libcurl-devel-7.61.1-18.el8_4.2.x86_64.rpm
  libcurl-minimal-7.61.1-18.el8_4.2.i686.rpm
  libcurl-minimal-7.61.1-18.el8_4.2.x86_64.rpm

aarch64:
  curl-7.61.1-18.el8_4.2.aarch64.rpm
  libcurl-7.61.1-18.el8_4.2.aarch64.rpm
  libcurl-devel-7.61.1-18.el8_4.2.aarch64.rpm
  libcurl-minimal-7.61.1-18.el8_4.2.aarch64.rpm

SRPMS:
  https://oss.oracle.com:443/ol8/SRPMS-updates/curl-7.61.1-18.el8_4.2.src.rpm

Related CVEs:
  CVE-2021-22946
  CVE-2021-22947

Description of changes:

[7.61.1-18.el8_4.2]
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

Oracle Linux Security Bulletin ELSA-2021-4059 presents curl patches addressing significant vulnerabilities and improvements to overall system security stability.

Oracle Linux Updates, Curl Security, Software Update Advisory, Oracle Security Fixes, Open Source Update.

LinuxSecurity.com Team

Nov 02, 2021 Oracle

SUSE: 2021:399-1 Moderate: Curl Protocol Security Issues

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:399-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.513
Container Release     : 6.2.513
Severity              : moderate
Type                  : security
References            : 1190373 1190374 CVE-2021-22946 CVE-2021-22947
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released:    Wed Oct 6 16:53:29 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

SUSE Container Refresh for suse/sle15 features updates for vim that tackle significant security vulnerabilities.

SUSE/sle15, Container Update, Curl Security Patch.

LinuxSecurity.com Team

Oct 13, 2021 SuSE

openSUSE: 2021:3298-1 Moderate: Curl Protocol Fixes - Threat Mitigated

openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:3298-1
Rating:             moderate
References:         #1190373 #1190374
Cross-References:   CVE-2021-22946 CVE-2021-22947
CVSS scores:
                    CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-22947 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2021-3298=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  curl-7.66.0-4.27.1
  curl-debuginfo-7.66.0-4.27.1
  curl-debugsource-7.66.0-4.27.1
  libcurl-devel-7.66.0-4.27.1
  libcurl4-7.66.0-4.27.1
  libcurl4-debuginfo-7.66.0-4.27.1

- openSUSE Leap 15.3 (x86_64):
  libcurl-devel-32bit-7.66.0-4.27.1
  libcurl4-32bit-7.66.0-4.27.1
  libcurl4-32bit-debuginfo-7.66.0-4.27.1

References:

  https://www.suse.com/security/cve/CVE-2021-22946.html
  https://www.suse.com/security/cve/CVE-2021-22947.html
  https://bugzilla.suse.com/1190373
  https://bugzilla.suse.com/1190374

A Fedora security patch for wget resolves low-impact vulnerabilities related to SSL and protocol fallback attacks.

openSUSE Curl Update, Security Patch, Protocol Security Fix.

LinuxSecurity.com Team

Oct 06, 2021 OpenSUSE

Fedora 11: 2009-7359 Critical: Pidgin Protocol Fixes for DoS

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7359
2009-07-03 18:38:40
--------------------------------------------------------------------------------

Name        : pidgin
Product     : Fedora 11
Version     : 2.5.8
Release     : 1.fc11
URL         : http://pidgin.im/
Summary     : A Gtk+ based multiprotocol instant messaging client
Description :
Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins.

Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc.

--------------------------------------------------------------------------------
Update Information:

Several important bug fixes:
- More fixes for Yahoo protocol 16
- MSN, MySpace, XMPP
- CVE-2009-1889

--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 28 2009 Warren Togami 2.5.8-1
- 2.5.8 with several important bug fixes
* Mon Jun 22 2009 Warren Togami 2.5.7-2
- glib2 compat with RHEL-4
* Sat Jun 20 2009 Warren Togami 2.5.7-1
- 2.5.7 with Yahoo Protocol 16 support
* Wed May 20 2009 Stu Tomlinson 2.5.6-1
- 2.5.6
* Mon Apr 20 2009 Warren Togami 2.5.5-3
- F12+ removed krb4

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #508738 - CVE-2009-1889 pidgin: DoS via specially-crafted ICQWebMessage
        https://bugzilla.redhat.com/show_bug.cgi?id=508738

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pidgin' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Pidgin version 2.7.0 on Fedora 11 has been patched for notable bugs affecting key messaging protocols such as Yahoo and MSN. This update is vital for maintaining security.

Pidgin Update, Fedora 11, Instant Messaging Security, Protocol Fixes.

Severity: Critical.

LinuxSecurity.com Team

Jul 03, 2009 Critical Fedora