Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -2 articles for you...
87

Debian Bookworm DSA-6259-1 PyJWT Important Authentication Flaw

It was discovered that PyJWT, a Python implementation of JSON web tokens insufficiently validated the "crit" header parameter, which could result in incomplete enforcement of authentication settings. For the oldstable distribution (bookworm), this problem has been fixed in version 2.6.0-1+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pyjwt CVE ID : CVE-2026-32597 It was discovered that PyJWT, a Python implementation of JSON web tokens insufficiently validated the "crit" header parameter, which could result in incomplete enforcement of authentication settings. For the oldstable distribution (bookworm), this problem has been fixed in version 2.6.0-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 2.10.1-2+deb13u1. We recommend that you upgrade your pyjwt packages. For the detailed security status of pyjwt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pyjwt Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . PyJWT vulnerability DSA-6259-1 requires packages update to prevent security issues stemming from insufficient validation.. Debian Security Advisory, PyJWT Update, Authentication Vulnerability. . LinuxSecurity.com Team

Calendar%202 May 09, 2026 Debian
197

Debian 11 PyJWT Critical Header Parameter Issue DLA-4564-1 CVE-2026-32597

It was discovered that PyJWT, a Python implementation of JSON Web Token did not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4564-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Jochen Sprickerhof May 05, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : pyjwt Version : 1.7.1-2+deb11u1 CVE ID : CVE-2026-32597 It was discovered that PyJWT, a Python implementation of JSON Web Token did not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. For Debian 11 bullseye, this problem has been fixed in version 1.7.1-2+deb11u1. We recommend that you upgrade your pyjwt packages. For the detailed security status of pyjwt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pyjwt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade PyJWT in Debian due to critical RFC violation in header validation. Fix CVE-2026-32597 for security.. debian security advisory, pyjwt update, json web token critical. . LinuxSecurity.com Team

Calendar%202 May 05, 2026 Debian LTS
172

Ubuntu 25.10 PyJWT Important Access Check Flaw USN-8133-1

PyJWT could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-8133-1 March 30, 2026 pyjwt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: PyJWT could allow unintended access to network services. Software Description: - pyjwt: Python 3 implementation of JSON Web Token Details: It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 python3-jwt 2.10.1-2ubuntu0.1 Ubuntu 24.04 LTS python3-jwt 2.7.0-1ubuntu0.1 Ubuntu 22.04 LTS python3-jwt 2.3.0-1ubuntu0.3 Ubuntu 20.04 LTS python3-jwt 1.7.1-2ubuntu2.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-jwt 1.5.3+ds1-1ubuntu0.1+esm1 Available with Ubuntu Pro python3-jwt 1.5.3+ds1-1ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS python-jwt 1.3.0-1ubuntu0.1+esm1 Available with Ubuntu Pro python3-jwt 1.3.0-1ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8133-1 CVE-2026-32597 Package Information: https://launchpad.net/ubuntu/+source/pyjwt/2.10.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/pyjwt/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pyjwt/2.3.0-1ubuntu0.3 . PyJWT allows unintended access to network services on Ubuntu. Update to secure versions to protect systems.. PyJWT update, Ubuntu security, authentication vulnerability. . LinuxSecurity.com Team

Calendar%202 Mar 30, 2026 Ubuntu
172

Ubuntu 22.04 LTS USN-5526-2 Moderate PyJWT Regression Fix

USN-5526-1 introduced a regression in PyJWT.. =========================================================================Ubuntu Security Notice USN-5526-2 August 17, 2022 pyjwt regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: USN-5526-1 introduced a regression in PyJWT. Software Description: - pyjwt: Python 3 implementation of JSON Web Token Details: USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: python3-jwt 2.3.0-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5526-2 https://ubuntu.com/security/notices/USN-5526-1 https://bugs.launchpad.net/ubuntu/+source/pyjwt/+bug/1986487 Package Information: https://launchpad.net/ubuntu/+source/pyjwt/2.3.0-1ubuntu0.2 . Ubuntu Security Advisory USN-5526-2 resolves an issue in PyJWT impacting Ubuntu 22.04 LTS.. Ubuntu Security Update, PyJWT Regression, Advisory Details. . LinuxSecurity.com Team

Calendar%202 Aug 17, 2022 Ubuntu
172

Ubuntu 22.04 LTS: 5526-1 Critical: PyJWT Signature Forgery Issue

PyJWT could allow signature forgery.. =========================================================================Ubuntu Security Notice USN-5526-1 July 20, 2022 pyjwt vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: PyJWT could allow signature forgery. Software Description: - pyjwt: Python 3 implementation of JSON Web Token Details: Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: python3-jwt 2.3.0-1ubuntu0.1 Ubuntu 20.04 LTS: python3-jwt 1.7.1-2ubuntu2.1 Ubuntu 18.04 LTS: python-jwt 1.5.3+ds1-1ubuntu0.1 python3-jwt 1.5.3+ds1-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5526-1 CVE-2022-29217 Package Information: https://launchpad.net/ubuntu/+source/pyjwt/2.3.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/pyjwt/1.7.1-2ubuntu2.1 https://launchpad.net/ubuntu/+source/pyjwt/1.5.3+ds1-1ubuntu0.1 . Secure your Ubuntu installation by applying updates to fix the recent PyJWT signature forgery vulnerability across multiple versions and enhance protection.. PyJWT Security, Signature Forgery Fix, Ubuntu Update. . LinuxSecurity.com Team

Calendar%202 Jul 20, 2022 Ubuntu
87

Debian DSA-3979-1 Critical: PyJWT Insufficient Validation Threat

It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3979-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pyjwt CVE ID : CVE-2017-11424 It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. For the oldstable distribution (jessie), this problem has been fixed in version 0.2.1-1+deb8u2. For the stable distribution (stretch), this problem has been fixed in version 1.4.2-1+deb9u1. We recommend that you upgrade your pyjwt packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . An alert regarding a PyJWT security flaw that enables malicious entities to fabricate tokens. Ensure immediate upgrade for safeguarding.. PyJWT Security, Debian Update, JWT Attack Protection. . LinuxSecurity.com Team

Calendar%202 Sep 19, 2017 Debian
87

Debian DSA-3293-1 Urgent: HMAC Signature Vulnerability in Pyjwt

Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3293-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Alessandro Ghedini June 20, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pyjwt Debian Bug : 781640 Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens. For more information see: For the stable distribution (jessie), this problem has been fixed in version 0.2.1-1+deb8u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your pyjwt packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian Advisory DSA-3294-1 pertains to a vulnerability in the libxml2 parsing library, reported on July 15, 2018.. pyjwt, HMAC misconfiguration, Debian advisory. . LinuxSecurity.com Team

Calendar%202 Jun 20, 2015 Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200