
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 25 articles for you...

Significant security update for Putty now available in openSUSE Leap 16-0

openSUSE security update: security update for putty

Announcement ID: openSUSE-SU-2026:20851-1
Rating: important
Affected Products: openSUSE Leap 16.0

An update that solves various issues can now be installed.

Description:

This update for putty fixes the following issues:

Changes in putty:

- Update to release 0.84
  * Fixed a remotely triggerable double-free in RSA key exchange.
  * Fixed a remotely triggerable crash (assertion failure - program termination) in NIST ECDSA signature verification.
  * Fixed marking of Telnet and Rlogin session data with a trust sigil after you authenticated to a proxy (possibly allowing a server to spoof a repeat proxy password prompt).
  * New ability to run a specified command before starting the connection, e.g. to perform wake-on-LAN or a port knock.
  * Display 'pre-edit text', showing the progress of using multiple keystrokes to compose a single Unicode character.
  * Improved support for running the GUI tools on Wayland (fixed startup issues and tuned performance).
  * Configuring a SSH certificate authority used to fail unless you manually made a config directory, now fixed.
  * Fixed a spurious "Network error: Socket is not connected" when authenticating to some HTTP proxies.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-packagehub-281=1

Package List:

- openSUSE Leap 16.0:
  putty-0.84-bp160.1.1

OpenSUSE security update fixes critical putty issues, enhancing remote access functionality with patch installation instructions.

openSUSE putty security update, important software fixes, remote access vulnerabilities.

Severity: Important.

LinuxSecurity.com Team

Jun 01, 2026 Important OpenSUSE

openSUSE Leap 16.0 putty Important Remote Crash Fix 2026-20851-1

openSUSE security update: security update for putty

Announcement ID: openSUSE-SU-2026:20851-1
Rating: important
Affected Products: openSUSE Leap 16.0

An update that solves various issues can now be installed.

Description:

This update for putty fixes the following issues:

Changes in putty:

- Update to release 0.84
  * Fixed a remotely triggerable double-free in RSA key exchange.
  * Fixed a remotely triggerable crash (assertion failure - program termination) in NIST ECDSA signature verification.
  * Fixed marking of Telnet and Rlogin session data with a trust sigil after you authenticated to a proxy (possibly allowing a server to spoof a repeat proxy password prompt).
  * New ability to run a specified command before starting the connection, e.g. to perform wake-on-LAN or a port knock.
  * Display 'pre-edit text', showing the progress of using multiple keystrokes to compose a single Unicode character.
  * Improved support for running the GUI tools on Wayland (fixed startup issues and tuned performance).
  * Configuring a SSH certificate authority used to fail unless you manually made a config directory, now fixed.
  * Fixed a spurious "Network error: Socket is not connected" when authenticating to some HTTP proxies.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-packagehub-281=1

Package List:

- openSUSE Leap 16.0:
  putty-0.84-bp160.1.1

This important advisory details a security update for openSUSE's putty fixing critical issues like remote crashes and authentication bugs.

openSUSE putty update important issues remote crash.

Severity: Important.

LinuxSecurity.com Team

Jun 01, 2026 Important OpenSUSE

Debian LTS DLA-3839-1 Critical: Putty ECDSA Key Compromise Risk

Debian LTS Advisory DLA-3839-1
https://www.debian.org/lts/security/
Bastien Roucariès
June 20, 2024
https://wiki.debian.org/LTS

Package : putty
Version : 0.74-1+deb11u1~deb10u2
CVE ID : CVE-2024-31497

A biased ECDSA nonce generation allowed an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions.

This allowed an attacker to (for instance) log in to any servers the victim uses that key for. To obtain these signatures, an attacker need only briefly compromise any server the victim uses the key to authenticate to.

Therefore, if you have any NIST-P521 ECDSA key, we strongly recommend you to replace it with a freshly new created with a fixed version of putty. Then, to revoke the old public key and remove it from any machine where you use it to login into, so that a signature from the compromised key has no value any more.

The only affected key type is 521-bit ECDSA. That is, a key that appears in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the 'Key fingerprint' box, or is described as 'NIST p521', or has an id starting ecdsa-sha2-nistp521 in the SSH protocol or the key file. Other sizes of ECDSA, and other key algorithms, are unaffected. In particular, Ed25519 is not affected.

For Debian 10 buster, this problem has been fixed in version 0.74-1+deb11u1~deb10u2.

We recommend that you upgrade your putty packages.

For the detailed security status of putty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/putty

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ubuntu Security Notice USN-1234-1 addresses vulnerabilities in OpenSSH that jeopardize RSA key integrity under specific conditions.

Putty Security, Debian LTS Advisory, ECDSA Attack, NIST P-521 Security.

Severity: Critical.

LinuxSecurity.com Team

Jun 20, 2024 Critical Debian LTS

Debian LTS DLA-3794-1 Critical: Putty SSH Threat Remediation

Debian LTS Advisory DLA-3794-1
https://www.debian.org/lts/security/
Bastien Roucariès
April 25, 2024
https://wiki.debian.org/LTS

Package : putty
Version : 0.74-1+deb11u1~deb10u1
CVE ID : CVE-2019-17069 CVE-2020-14002 CVE-2021-36367 CVE-2023-48795
Debian Bug : 990901

Putty, a Telnet/SSH client for X, was vulnerable.

CVE-2019-17069

    PuTTY allowed remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

CVE-2020-14002

    PuTTY had an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allowed man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

CVE-2021-36367

    PuTTY proceeded with establishing an SSH session even if it has never sent a substantive authentication response. This made it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

CVE-2023-48795

    PuTTY was vulnerable to Terrapin attack. The SSH transport protocol with certain OpenSSH extensions, allowed remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305 and (if CBC is used) the -etm MAC algorithms.

For Debian 10 buster, this problem has been fixed in version 0.74-1+deb11u1~deb10u1.

We recommend that you upgrade your putty packages.

For the detailed security status of putty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/putty

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-3794-1 addresses critical security vulnerabilities in PuTTY, urging users to upgrade promptly to safeguard their data integrity.

putty updates, debian security, SSH client, remote access, Linux security.

Severity: Critical.

LinuxSecurity.com Team

Apr 25, 2024 Critical Debian LTS

openSUSE: 2024:0111-2 Critical: Putty Vulnerability Fix

openSUSE Security Update: Security update for putty

Announcement ID: openSUSE-SU-2024:0111-1
Rating: important
References:
Cross-References: CVE-2024-31497
Affected Products: openSUSE Backports SLE-15-SP5

An update that fixes one vulnerability is now available.

Description:

This update for putty fixes the following issues:

Update to release 0.81

* Fix CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer generated with biased values of k. The previous bias compromises private keys.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:
  zypper in -t patch openSUSE-2024-111=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
  putty-0.81-bp155.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-31497.html

This crucial software patch for WinSCP tackles vulnerabilities and guarantees enhanced protection for your system. Update today!

openSUSE Security Update, Putty Advisory, Important Security Fix.

Severity: Important.

LinuxSecurity.com Team

Apr 19, 2024 Important OpenSUSE

openSUSE 2024:0005-1 critical: putty vulnerability exposure alert

openSUSE Security Update: Security update for putty

Announcement ID: openSUSE-SU-2024:0005-1
Rating: important
References: #1218128
Cross-References: CVE-2023-48795
CVSS scores:
  CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products: openSUSE Backports SLE-15-SP4

An update that fixes one vulnerability is now available.

Description:

This update for putty fixes the following issues:

putty was updated to release 0.80:

  * Fix CVE-2023-48795 [boo#1218128]

- Update to release 0.79
  * Terminal mouse tracking: support for mouse movements which are not drags, and support for horizontal scroll events (e.g. generated by trackpads).
  * Fixed: PuTTY could fail an assertion if a resize control sequence was sent by the server while the window was docked to one half of the screen in KDE.
  * Fixed: PuTTY could fail an assertion if you tried to change the font size while the window was maximised.

- Update to release 0.78
  * Support for OpenSSH certificates, for both user authentication keys and host keys.
  * New SSH proxy modes, for running a custom shell command or subsystem on the proxy server instead of forwarding a port through it.
  * New plugin system to allow a helper program to provide responses in keyboard-interactive authentication, intended to automate one-time password systems.
  * Support for NTRU Prime post-quantum key exchange.
  * Support for AES-GCM (in the OpenSSH style rather than RFC 5647).
  * Support for more forms of Diffie-Hellman key exchange: new larger integer groups (such as group16 and group18), and support for using those and ECDH with GSSAPI.
  * Bug fix: server-controlled window title setting now works again even if the character set is ISO 8859 (or a few other

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:
  zypper in -t patch openSUSE-2024-5=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
  putty-0.80-bp154.2.3.1

References:

https://www.suse.com/security/cve/CVE-2023-48795.html
https://bugzilla.suse.com/1218128

A critical update for PuTTY has been released for CVE-2023-48795, providing essential security fixes for openSUSE users.

openSUSE Security Update, putty information disclosure, important Linux patch, security risk management.

Severity: Important.

LinuxSecurity.com Team

Jan 03, 2024 Important OpenSUSE

Debian bullseye: DSA-5588-1 critical: putty prefix truncation attack

Debian Security Advisory DSA-5588-1
https://www.debian.org/security/
Salvatore Bonaccorso
December 24, 2023
https://www.debian.org/security/faq

Package : putty
CVE ID : CVE-2021-36367 CVE-2023-48795
Debian Bug : 990901

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

For the oldstable distribution (bullseye), these problems have been fixed in version 0.74-1+deb11u1. This update includes a fix for CVE-2021-36367.

For the stable distribution (bookworm), these problems have been fixed in version 0.78-2+deb12u1.

We recommend that you upgrade your putty packages.

For the detailed security status of putty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/putty

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

The Debian Security Advisory DSA-5588-1 addresses critical ssh issues in putty packages related to prefix truncation attacks.

Debian Security Advisory, Putty Update, SSH Protocol Security.

Severity: Critical.

LinuxSecurity.com Team

Dec 24, 2023 Critical Debian

openSUSE Backports SLE-15-SP5: 2023:0411-1 critical: putty security fix

openSUSE Security Update: Security update for putty

Announcement ID: openSUSE-SU-2023:0411-1
Rating: important
References: #1218128
Cross-References: CVE-2023-48795
CVSS scores:
  CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products: openSUSE Backports SLE-15-SP5

An update that fixes one vulnerability is now available.

Description:

This update for putty fixes the following issues:

putty is updated to release 0.80

  * Fix CVE-2023-48795 [boo#1218128]

- Update to release 0.79
  * Terminal mouse tracking: support for mouse movements which are not drags, and support for horizontal scroll events (e.g. generated by trackpads).
  * Fixed: PuTTY could fail an assertion if a resize control sequence was sent by the server while the window was docked to one half of the screen in KDE.
  * Fixed: PuTTY could fail an assertion if you tried to change the font size while the window was maximised.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:
  zypper in -t patch openSUSE-2023-411=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
  putty-0.80-bp155.2.3.1

References:

https://www.suse.com/security/cve/CVE-2023-48795.html
https://bugzilla.suse.com/1218128

openSUSE released a critical patch for putty addressing a serious vulnerability. Update now to maintain security.

openSUSE Security Update, putty fix, software maintenance.

Severity: Important.

LinuxSecurity.com Team

Dec 20, 2023 Important OpenSUSE