Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebianrequest smuggling

Debian 11: DLA-3947-1 critical: puma request smuggling and proxy issue

Two vulnerabilities have been fixed in puma, a threaded HTTP server for Ruby/Rack applications. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3947-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Abhijith PA November 06, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : puma Version : 4.3.8-1+deb11u3 CVE ID : CVE-2024-21647 CVE-2024-45614 Two vulnerabilities have been fixed in puma, a threaded HTTP server for Ruby/Rack applications. CVE-2024-21647 Incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. CVE-2024-45614 Clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. For Debian 11 bullseye, these problems have been fixed in version 4.3.8-1+deb11u3. We recommend that you upgrade your puma packages. For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/puma Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The latest security update DLA-3948-1 concerns critical flaws in the Apache web server within Debian, urging users to promptly update for enhanced protection.. Debian Security, Puma Server, HTTP Vulnerabilities, Request Smuggling. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 06, 2024 Critical Debian LTS
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hat Enterprise Linuxhttpd

Red Hat Enterprise Linux RHSA-2016:1421-01 Important: Httpd Proxy Issue

An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2016:1421-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1421 Issue date: 2016-07-18 CVE Names: CVE-2016-5387 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGIscripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387) Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable. Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: httpd-2.2.3-92.el5_11.src.rpm i386: httpd-2.2.3-92.el5_11.i386.rpm httpd-debuginfo-2.2.3-92.el5_11.i386.rpm mod_ssl-2.2.3-92.el5_11.i386.rpm x86_64: httpd-2.2.3-92.el5_11.x86_64.rpm httpd-debuginfo-2.2.3-92.el5_11.x86_64.rpm mod_ssl-2.2.3-92.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation (v. 5 client): Source: httpd-2.2.3-92.el5_11.src.rpm i386: httpd-debuginfo-2.2.3-92.el5_11.i386.rpm httpd-devel-2.2.3-92.el5_11.i386.rpm httpd-manual-2.2.3-92.el5_11.i386.rpm x86_64: httpd-debuginfo-2.2.3-92.el5_11.i386.rpm httpd-debuginfo-2.2.3-92.el5_11.x86_64.rpm httpd-devel-2.2.3-92.el5_11.i386.rpm httpd-devel-2.2.3-92.el5_11.x86_64.rpm httpd-manual-2.2.3-92.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: httpd-2.2.3-92.el5_11.src.rpm i386: httpd-2.2.3-92.el5_11.i386.rpm httpd-debuginfo-2.2.3-92.el5_11.i386.rpm httpd-devel-2.2.3-92.el5_11.i386.rpm httpd-manual-2.2.3-92.el5_11.i386.rpm mod_ssl-2.2.3-92.el5_11.i386.rpm ia64: httpd-2.2.3-92.el5_11.ia64.rpm httpd-debuginfo-2.2.3-92.el5_11.ia64.rpm httpd-devel-2.2.3-92.el5_11.ia64.rpm httpd-manual-2.2.3-92.el5_11.ia64.rpm mod_ssl-2.2.3-92.el5_11.ia64.rpm ppc: httpd-2.2.3-92.el5_11.ppc.rpm httpd-debuginfo-2.2.3-92.el5_11.ppc.rpm httpd-debuginfo-2.2.3-92.el5_11.ppc64.rpm httpd-devel-2.2.3-92.el5_11.ppc.rpm httpd-devel-2.2.3-92.el5_11.ppc64.rpm httpd-manual-2.2.3-92.el5_11.ppc.rpm mod_ssl-2.2.3-92.el5_11.ppc.rpm s390x: httpd-2.2.3-92.el5_11.s390x.rpm httpd-debuginfo-2.2.3-92.el5_11.s390.rpm httpd-debuginfo-2.2.3-92.el5_11.s390x.rpm httpd-devel-2.2.3-92.el5_11.s390.rpm httpd-devel-2.2.3-92.el5_11.s390x.rpm httpd-manual-2.2.3-92.el5_11.s390x.rpm mod_ssl-2.2.3-92.el5_11.s390x.rpm x86_64: httpd-2.2.3-92.el5_11.x86_64.rpm httpd-debuginfo-2.2.3-92.el5_11.i386.rpm httpd-debuginfo-2.2.3-92.el5_11.x86_64.rpm httpd-devel-2.2.3-92.el5_11.i386.rpm httpd-devel-2.2.3-92.el5_11.x86_64.rpm httpd-manual-2.2.3-92.el5_11.x86_64.rpm mod_ssl-2.2.3-92.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: httpd-2.2.15-54.el6_8.src.rpm i386: httpd-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-tools-2.2.15-54.el6_8.i686.rpm x86_64: httpd-2.2.15-54.el6_8.x86_64.rpm httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm httpd-tools-2.2.15-54.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm mod_ssl-2.2.15-54.el6_8.i686.rpm noarch: httpd-manual-2.2.15-54.el6_8.noarch.rpm x86_64: httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.x86_64.rpm mod_ssl-2.2.15-54.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: httpd-2.2.15-54.el6_8.src.rpm x86_64: httpd-2.2.15-54.el6_8.x86_64.rpm httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm httpd-tools-2.2.15-54.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: httpd-manual-2.2.15-54.el6_8.noarch.rpm x86_64: httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.x86_64.rpm mod_ssl-2.2.15-54.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: httpd-2.2.15-54.el6_8.src.rpm i386: httpd-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm httpd-tools-2.2.15-54.el6_8.i686.rpm mod_ssl-2.2.15-54.el6_8.i686.rpm noarch: httpd-manual-2.2.15-54.el6_8.noarch.rpm ppc64: httpd-2.2.15-54.el6_8.ppc64.rpm httpd-debuginfo-2.2.15-54.el6_8.ppc.rpm httpd-debuginfo-2.2.15-54.el6_8.ppc64.rpm httpd-devel-2.2.15-54.el6_8.ppc.rpm httpd-devel-2.2.15-54.el6_8.ppc64.rpm httpd-tools-2.2.15-54.el6_8.ppc64.rpm mod_ssl-2.2.15-54.el6_8.ppc64.rpm s390x: httpd-2.2.15-54.el6_8.s390x.rpm httpd-debuginfo-2.2.15-54.el6_8.s390.rpm httpd-debuginfo-2.2.15-54.el6_8.s390x.rpm httpd-devel-2.2.15-54.el6_8.s390.rpm httpd-devel-2.2.15-54.el6_8.s390x.rpm httpd-tools-2.2.15-54.el6_8.s390x.rpm mod_ssl-2.2.15-54.el6_8.s390x.rpm x86_64: httpd-2.2.15-54.el6_8.x86_64.rpm httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.x86_64.rpm httpd-tools-2.2.15-54.el6_8.x86_64.rpm mod_ssl-2.2.15-54.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: httpd-2.2.15-54.el6_8.src.rpm i386: httpd-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm httpd-tools-2.2.15-54.el6_8.i686.rpm mod_ssl-2.2.15-54.el6_8.i686.rpm noarch: httpd-manual-2.2.15-54.el6_8.noarch.rpm x86_64: httpd-2.2.15-54.el6_8.x86_64.rpm httpd-debuginfo-2.2.15-54.el6_8.i686.rpm httpd-debuginfo-2.2.15-54.el6_8.x86_64.rpm httpd-devel-2.2.15-54.el6_8.i686.rpm httpd-devel-2.2.15-54.el6_8.x86_64.rpm httpd-tools-2.2.15-54.el6_8.x86_64.rpm mod_ssl-2.2.15-54.el6_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2016-5387 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/security/vulnerabilities/httpoxy https://access.redhat.com/solutions/2435501 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXjRKWXlSAg2UNWIIRAuYFAKCbMane2A8RGeMttlhWN5oOqEalVACfcpO0 mucqLyROq2uEzvYACbvy2Pg=6fzs -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important notice regarding httpd in Red Hat Enterprise Linux concerning possible vulnerabilities with proxy headers that could be exploited.. Red Hat Enterprise Linux,httpd security,proxy header exploit,Apache patch,critical update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 18, 2016 Important Red Hat
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here