Stay Secure with the Latest Linux Advisories
Explore Latest Linux Security advisories

Debian 11: DLA-3947-1 critical: puma request smuggling and proxy issue

Two vulnerabilities have been fixed in puma, a threaded HTTP server for Ruby/Rack applications.

Debian LTS Advisory DLA-3947-1
https://www.debian.org/lts/security/
Abhijith PA, November 06, 2024
https://wiki.debian.org/LTS

Package : puma
Version : 4.3.8-1+deb11u3
CVE ID : CVE-2024-21647 CVE-2024-45614

CVE-2024-21647
Incorrect behavior when parsing chunked transfer-encoding bodies allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions; without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption.

CVE-2024-45614
Clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any user relying on proxy-set variables is affected.

For Debian 11 bullseye, these problems have been fixed in version 4.3.8-1+deb11u3. We recommend that you upgrade your puma packages.

For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/puma

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

DLA-3947-1 fixes two puma flaws in Debian 11: chunked-body parsing that allowed request smuggling and unbounded resource consumption, and underscore-variant headers that let a client overwrite proxy-set values such as X-Forwarded-For.
Tags: Debian Security, Puma Server, HTTP Vulnerabilities, Request Smuggling. Severity: Critical. LinuxSecurity.com Team

Nov 06, 2024 | Critical | Debian LTS
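The two bug classes in DLA-3947-1 are easier to see in code than in prose. The block below is an added example, not Puma's or Debian's code: a chunked-body decoder that caps chunk-extension length (the CVE-2024-21647 pattern) and a header-to-Rack-env mapping that shows why X-Forwarded_For aliases X-Forwarded-For, beside a filter that drops underscore headers before they can clobber proxy-set values (the CVE-2024-45614 pattern). The limit MAX_CHUNK_EXT and the SAMPLE_HEADERS request are chosen for this example and do not come from Puma.

```ruby
# Added example, not Puma's or Debian's code. The limit and the sample
# headers below are chosen for this example.

# --- CVE-2024-21647 pattern: cap chunk extensions while decoding -----------

# Limit chosen for this example, not Puma's own constant.
MAX_CHUNK_EXT = 32

class ChunkExtTooLarge < StandardError; end
class BadChunk < StandardError; end

# Decodes a complete chunked body held in +data+ and returns the payload.
# Every chunk-size line may carry ";ext=value" extensions; without a cap a
# client can pad each one with megabytes that cost CPU and bandwidth but
# never reach the application.
def decode_chunked(data, max_ext: MAX_CHUNK_EXT)
  out = +""
  pos = 0
  loop do
    eol = data.index("\r\n", pos)
    raise BadChunk, "missing CRLF after chunk size" if eol.nil?
    size_hex, ext = data[pos...eol].split(";", 2)
    unless size_hex.to_s.match?(/\A[0-9a-fA-F]{1,8}\z/)
      raise BadChunk, "bad chunk size #{size_hex.inspect}"
    end
    if ext && ext.bytesize > max_ext
      raise ChunkExtTooLarge, "#{ext.bytesize}-byte chunk extension exceeds #{max_ext}"
    end
    size = size_hex.to_i(16)
    pos = eol + 2
    return out if size.zero?            # last-chunk; trailers are not needed here
    chunk = data[pos, size]
    raise BadChunk, "truncated chunk" if chunk.nil? || chunk.bytesize < size
    out << chunk
    pos += size
    raise BadChunk, "chunk data not CRLF-terminated" unless data[pos, 2] == "\r\n"
    pos += 2
  end
end

# --- CVE-2024-45614 pattern: underscore headers alias hyphenated ones ------

# CGI/Rack convention: upcase, '-' becomes '_', prefix HTTP_. Both
# "X-Forwarded-For" and "X-Forwarded_For" therefore land in the same key.
def rack_env_key(header_name)
  "HTTP_" + header_name.upcase.tr("-", "_")
end

# Naive env construction: later headers overwrite earlier ones, so whichever
# spelling arrives last wins, whether the proxy or the client set it.
def build_env(headers)
  headers.each_with_object({}) { |(name, value), env| env[rack_env_key(name)] = value }
end

# Hardened variant: drop any header whose name contains an underscore before
# it can alias a proxy-controlled header (nginx's default
# "underscores_in_headers off" applies the same policy at the proxy).
def build_env_hardened(headers)
  build_env(headers.reject { |(name, _)| name.include?("_") })
end

# Constructed request headers: the proxy set X-Forwarded-For from the TCP
# peer address, and the client-supplied X-Forwarded_For arrives after it.
SAMPLE_HEADERS = [
  ["Host", "app.example"],
  ["X-Forwarded-For", "203.0.113.7"],
  ["X-Forwarded_For", "10.0.0.1"],
].freeze
```

With the naive mapping, `build_env(SAMPLE_HEADERS)["HTTP_X_FORWARDED_FOR"]` is the client's `10.0.0.1`; the hardened mapping keeps the proxy's `203.0.113.7`. Whether the client's header is processed before or after the proxy's depends on the proxy, so the filter, not header order, is what makes the value trustworthy.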

Ubuntu 23.04 USN-6399-1 Critical: Puma HTTP Request Smuggling

Puma could allow HTTP Request Smuggling attacks.

Ubuntu Security Notice USN-6399-1
September 27, 2023
puma vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04

Summary:
Puma could allow HTTP Request Smuggling attacks.

Software Description:
- puma: threaded HTTP 1.1 server for Ruby/Rack applications

Details:
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack.

Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04: puma 5.6.5-3ubuntu1.1
In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6399-1
CVE-2023-40175

Package Information:
https://launchpad.net/ubuntu/+source/puma/5.6.5-3ubuntu1.1

USN-6399-1 fixes a header-parsing flaw in puma on Ubuntu 23.04 (CVE-2023-40175) that a remote attacker could use for HTTP request smuggling; a standard system update applies the fix.
Tags: HTTP Smuggling Attack, Ubuntu Puma Update, Server Security Threats. Severity: Critical. LinuxSecurity.com Team

Sep 27, 2023 | Critical | Ubuntu

Debian 10: DLA-3083-1 Critical: Puma DoS and Request Smuggling Threats

Multiple security issues have been found in puma, a web server for Ruby/Rack applications.

Debian LTS Advisory DLA-3083-1
https://www.debian.org/lts/security/
Abhijith PA, August 28, 2022
https://wiki.debian.org/LTS

Package : puma
Version : 3.12.0-2+deb10u3
CVE ID : CVE-2021-29509 CVE-2021-41136 CVE-2022-23634 CVE-2022-24790

CVE-2021-29509
Keepalive connections causing denial of service in puma.

CVE-2021-41136
puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.

CVE-2022-23634
puma may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage.

CVE-2022-24790
Using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC 7230 standard, Puma and the front-end proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma.

For Debian 10 buster, these problems have been fixed in version 3.12.0-2+deb10u3. We recommend that you upgrade your puma packages.

For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/puma

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Several vulnerabilities identified in Puma affect web server functionality, notably including denial of service conditions and request smuggling.
Tags: Puma Security, Debian LTS, Web Server Threats, Security Updates. Severity: Critical. LinuxSecurity.com Team

Aug 27, 2022 | Critical | Debian LTS

Gentoo: GLSA-202208-28 Low Severity: Puma Denial Of Service Issues

Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service.

Gentoo Linux Security Advisory GLSA 202208-28
https://security.gentoo.org/

Severity: Low
Title: Puma: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #794034, #817893, #833155, #836431
ID: 202208-28

Synopsis
Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service.

Background
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack.

Affected packages
Package: www-servers/puma
Vulnerable: < 5.6.4
Unaffected: >= 5.6.4

Description
Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All Puma users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/puma-5.6.4"

References
[ 1 ] CVE-2021-29509 https://nvd.nist.gov/vuln/detail/CVE-2021-29509
[ 2 ] CVE-2021-41136 https://nvd.nist.gov/vuln/detail/CVE-2021-41136
[ 3 ] CVE-2022-23634 https://nvd.nist.gov/vuln/detail/CVE-2022-23634
[ 4 ] CVE-2022-24790 https://nvd.nist.gov/vuln/detail/CVE-2022-24790

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-28

Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to the Gentoo security team by email or, alternatively, you may file a bug at https://bugs.gentoo.org.

License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/

A security advisory for Gentoo users outlines low-severity Puma vulnerabilities that may cause denial of service.
Tags: Gentoo Security Advisory, Puma Threats, Service Disruption. Severity: Low. LinuxSecurity.com Team

Aug 14, 2022 | Low | Gentoo

Debian 9: DLA-3023-1 Important: Puma HTTP Splitting and DoS Threats

Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications.

Debian LTS Advisory DLA-3023-1
https://www.debian.org/lts/security/
Markus Koschany, May 26, 2022
https://wiki.debian.org/LTS

Package : puma
Version : 3.6.0-1+deb9u2
CVE ID : CVE-2019-16770 CVE-2020-5247 CVE-2022-23634
Debian Bug : 946312 952766 1005391

Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not always closing response bodies, allowing untrusted input in a response header (HTTP Response Splitting) and thus potentially facilitating several other attacks like cross-site scripting. A poorly-behaved client could also use keepalive requests to monopolize Puma's reactor and create a denial of service attack.

For Debian 9 stretch, these problems have been fixed in version 3.6.0-1+deb9u2. We recommend that you upgrade your puma packages.

For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/puma

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

DLA-3023-1 fixes three puma flaws in Debian 9: response bodies not always closed (information leakage), HTTP response splitting via untrusted header input, and a keepalive-based denial of service.
Tags: Puma Security Update, Debian LTS Advisory, Security Vulnerabilities Tracking. Severity: Important. LinuxSecurity.com Team

May 25, 2022 | Important | Debian LTS
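The response-splitting item in DLA-3023-1 (CVE-2020-5247) comes down to one missing check on the way out. The block below is an added example, not Puma's code: a naive response serialiser that trusts header values, a count of how many responses a client would parse from the bytes it emits, and a hardened serialiser that refuses CR or LF in any header name or value, which is the class of check Puma added. The INJECTED_LOCATION value is a constructed attacker input, modelled on a redirect target copied from a query parameter into Location.

```ruby
# Added example, not Puma's code. INJECTED_LOCATION is constructed input.

class HeaderInjection < StandardError; end

# Naive serialiser: writes whatever header values the application supplied.
def serialize_response_naive(status, headers, body)
  lines = ["HTTP/1.1 #{status}"]
  headers.each { |name, value| lines << "#{name}: #{value}" }
  lines.join("\r\n") + "\r\n\r\n" + body
end

# How many HTTP/1.1 responses a client (or a shared cache) parsing +raw+
# would see. A split response shows up as a second status line.
def count_responses(raw)
  raw.scan(%r{^HTTP/1\.1 \d{3}}).size
end

# Hardened serialiser: a CR or LF anywhere in a header name or value is an
# error to raise, never something to emit.
def serialize_response_checked(status, headers, body)
  headers.each do |name, value|
    if name.to_s.match?(/[\r\n]/) || value.to_s.match?(/[\r\n]/)
      raise HeaderInjection, "CR/LF in response header #{name.inspect}"
    end
  end
  serialize_response_naive(status, headers, body)
end

# Constructed attacker-controlled redirect target that terminates the
# legitimate response early and appends a complete second response.
INJECTED_LOCATION = "/home\r\n\r\nHTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nHELLO"

# A redirect built the naive way from the injected target.
def naive_redirect
  serialize_response_naive("302 Found", { "Location" => INJECTED_LOCATION }, "")
end
```

`count_responses(naive_redirect)` is 2: the bytes contain the intended 302 and an attacker-authored 200 whose body the client, or a cache in front of it, attributes to the server. `serialize_response_checked` raises on the same input instead.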

Debian 11: DSA-5146-1 Critical: Puma Information Disclosure Issue

Multiple security vulnerabilities were discovered in Puma, an HTTP server for Ruby/Rack applications, which could result in HTTP request smuggling or information disclosure.

Debian Security Advisory DSA-5146-1
https://www.debian.org/security/
Moritz Muehlenhoff, May 24, 2022
https://www.debian.org/security/faq

Package : puma
CVE ID : CVE-2021-41136 CVE-2022-23634 CVE-2022-24790

For the stable distribution (bullseye), these problems have been fixed in version 4.3.8-1+deb11u2. We recommend that you upgrade your puma packages.

For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/puma

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

DSA-5146-1 fixes three puma flaws in Debian 11 bullseye (CVE-2021-41136, CVE-2022-23634, CVE-2022-24790) covering HTTP request smuggling and information disclosure.
Tags: Puma Update, Debian Security, HTTP Server Fixes, Ruby Rack Security, Software Update. Severity: Critical. LinuxSecurity.com Team

May 24, 2022 | Critical | Debian
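CVE-2022-23634, listed in DSA-5146-1 and explained in DLA-3083-1 above, is an information leak that arises from two behaviours that are each harmless alone: Puma not always closing the response body, and Rails resetting its per-request CurrentAttributes from the body's close hook. The block below is an added example, not Puma's or Rails' code, that reproduces the interaction in miniature: a thread-local Current slot, a body whose close resets it, a server loop that skips close when the client has gone, and the fixed loop that closes in an ensure block. The Current module, ResettingBody class, the app, and the request shape are invented for the example.

```ruby
# Added example, not Puma's or Rails' code. Names and request shape are
# invented for the example.

# Stand-in for Rails' CurrentAttributes: one slot per server thread.
module Current
  def self.user=(value)
    Thread.current[:example_current_user] = value
  end

  def self.user
    Thread.current[:example_current_user]
  end

  def self.reset
    Thread.current[:example_current_user] = nil
  end
end

# Response body whose close hook resets Current, as the Rails Executor does.
class ResettingBody
  def initialize(chunks)
    @chunks = chunks
  end

  def each(&block)
    @chunks.each(&block)
  end

  def close
    Current.reset
  end
end

# The application: a request carrying "login" authenticates; every request
# reports who Current believes the user is.
def app(env)
  Current.user = env["login"] if env["login"]
  [200, {}, ResettingBody.new(["hello #{Current.user.inspect}"])]
end

# Buggy server loop: when the client is gone it neither streams the body nor
# calls close, so Current keeps the previous request's user.
def serve_buggy(env, client_gone:)
  _status, _headers, body = app(env)
  out = +""
  unless client_gone
    body.each { |chunk| out << chunk }
    body.close
  end
  out
end

# Fixed server loop: close runs in an ensure block on every path.
def serve_fixed(env, client_gone:)
  _status, _headers, body = app(env)
  out = +""
  begin
    body.each { |chunk| out << chunk } unless client_gone
  ensure
    body.close if body.respond_to?(:close)
  end
  out
end

# Two requests on the same thread: alice logs in and drops the connection
# before the response is sent, then an anonymous request follows.
# Returns what the anonymous caller is told.
def second_request_sees(serve)
  Current.reset
  serve.call({ "login" => "alice" }, client_gone: true)
  serve.call({}, client_gone: false)
end
```

`second_request_sees(method(:serve_buggy))` returns `hello "alice"`: the anonymous caller is greeted as alice because her attributes were never reset. `second_request_sees(method(:serve_fixed))` returns `hello nil`. The same shape applies to any per-thread state (database connection state, tenant identifiers, locale) that relies on a close hook for cleanup.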

Debian: DLA-2398-1 Critical: Puma HTTP Smuggling Issues

Several security vulnerabilities have been discovered in puma, a highly concurrent HTTP server for Ruby/Rack applications.

Debian LTS Advisory DLA-2398-1
https://www.debian.org/lts/security/
Abhijith PA, October 07, 2020
https://wiki.debian.org/LTS

Package : puma
Version : 3.6.0-1+deb9u1
CVE ID : CVE-2020-11076 CVE-2020-11077

CVE-2020-11076
By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response.

CVE-2020-11077
A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.

For Debian 9 stretch, these problems have been fixed in version 3.6.0-1+deb9u1. We recommend that you upgrade your puma packages.

For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/puma

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-2398-1 addresses two puma flaws in Debian 9 that allow HTTP smuggling through a front-end proxy, including responses being delivered to the wrong client.
Tags: Debian LTS, puma http server, security update, HTTP smuggling, security vulnerability. Severity: Critical. LinuxSecurity.com Team

Oct 07, 2020 | Critical | Debian LTS
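Every smuggling advisory on this page (DLA-2398-1 with CVE-2020-11076/11077, DLA-3083-1 with CVE-2021-41136 and CVE-2022-24790, USN-6399-1) describes the same failure: a proxy and Puma read the same bytes and disagree about where one request ends and the next begins. The block below is an added example, not Puma's code: a minimal HTTP/1.1 head parser, a strict framing check that rejects every request RFC 7230 leaves open to two readings (CR or LF inside a value, Content-Length together with Transfer-Encoding, conflicting or non-numeric Content-Length, a transfer-coding list that does not end in chunked or names an unknown coding), and a framer that counts requests under Content-Length-first versus chunked-first rules so the disagreement is visible. CL_TE_STREAM and LF_STREAM are constructed payloads; the Desync class and ALLOWED_CODINGS list are this example's own.

```ruby
# Added example, not Puma's code. The request streams below are constructed.

class Desync < StandardError; end

# Parses the request line and headers at the start of +raw+.
# Returns [method, target, headers]; headers is an ordered [name, value] list.
# Lines are split only on CRLF, so a bare LF inside a value survives into the
# value, exactly as a lenient proxy would forward it.
def parse_head(raw)
  head, _rest = raw.split("\r\n\r\n", 2)
  lines = head.split("\r\n")
  meth, target, version = lines.shift.to_s.split(" ", 3)
  raise Desync, "bad request line" unless version == "HTTP/1.1"
  headers = lines.map do |line|
    name, value = line.split(":", 2)
    raise Desync, "malformed header #{line.inspect}" if value.nil? || name.match?(/\s/)
    [name, value.strip]
  end
  [meth, target, headers]
end

# Transfer codings this example accepts; anything else is treated as unknown.
ALLOWED_CODINGS = %w[chunked gzip x-gzip deflate compress x-compress].freeze

# Strict framing rules (RFC 7230 section 3.3): anything a permissive proxy and
# a strict backend could read differently is reported, so the caller can
# reject the request instead of guessing.
def framing_violations(headers)
  problems = []
  cls = headers.select { |n, _| n.casecmp?("content-length") }.map(&:last)
  tes = headers.select { |n, _| n.casecmp?("transfer-encoding") }.map(&:last)
  problems << "CR or LF inside a header value" if headers.any? { |_, v| v.match?(/[\r\n]/) }
  problems << "both Content-Length and Transfer-Encoding present" if !cls.empty? && !tes.empty?
  problems << "conflicting Content-Length values" if cls.uniq.size > 1
  problems << "non-numeric Content-Length" if cls.any? { |c| !c.match?(/\A\d+\z/) }
  unless tes.empty?
    codings = tes.join(",").split(",").map { |c| c.strip.downcase }
    problems << "Transfer-Encoding does not end with chunked" unless codings.last == "chunked"
    problems << "unknown transfer coding" unless (codings - ALLOWED_CODINGS).empty?
  end
  problems
end

# Counts the requests a lenient framer finds in +stream+ when it lets
# Content-Length (:cl) or Transfer-Encoding (:te) win if both are present.
def count_requests(stream, prefer:)
  count = 0
  pos = 0
  while (head_end = stream.index("\r\n\r\n", pos))
    _meth, _target, headers = parse_head(stream[pos..-1])
    pos = head_end + 4
    cl = headers.find { |n, _| n.casecmp?("content-length") }&.last
    te = headers.find { |n, _| n.casecmp?("transfer-encoding") }&.last
    if te && (prefer == :te || cl.nil?)
      loop do                      # consume chunks up to and including the zero chunk
        eol = stream.index("\r\n", pos)
        raise Desync, "truncated chunk" if eol.nil?
        size = stream[pos...eol].to_i(16)
        pos = eol + 2 + size + 2
        break if size.zero?
      end
    else
      pos += cl.to_i
    end
    count += 1
  end
  count
end

# Constructed CL.TE payload: a Content-Length-first front end sees one request
# whose body is the whole tail; a chunked-first back end sees the zero chunk
# end the body and treats the trailing GET /admin as a second request.
SMUGGLED_TAIL = "0\r\n\r\nGET /admin HTTP/1.1\r\nHost: app\r\n\r\n"
CL_TE_STREAM = "POST / HTTP/1.1\r\nHost: app\r\n" \
               "Content-Length: #{SMUGGLED_TAIL.bytesize}\r\n" \
               "Transfer-Encoding: chunked\r\n\r\n" + SMUGGLED_TAIL

# Constructed header with a bare LF (the CVE-2021-41136 shape): a proxy that
# splits on LF sees a Content-Length header; one that splits on CRLF does not.
LF_STREAM = "GET / HTTP/1.1\r\nHost: app\r\nX-Note: a\nContent-Length: 0\r\n\r\n"
```

`count_requests(CL_TE_STREAM, prefer: :cl)` is 1 and `count_requests(CL_TE_STREAM, prefer: :te)` is 2; the second reading is the one that delivers GET /admin to the backend on a connection the proxy believes is still carrying the first client's body, which is the mechanism DLA-2398-1 describes for responses reaching the wrong client. `framing_violations` flags both sample streams, so a server applying it never has to choose a reading.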