Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebianurlparse issue

Debian LTS: DLA-3575-1 Critical Python Update Over Multiple Issues

This update fixes multiple vulnerabilities concerning the urlparse module as well as vulnerabilities concerning the heapq, hmac, plistlib and ssl modules. CVE-2021-23336 . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3575-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Helmut Grohne September 20, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : python2.7 Version : 2.7.16-2+deb10u3 CVE ID : CVE-2021-23336 CVE-2022-0391 CVE-2022-48560 CVE-2022-48565 CVE-2022-48566 CVE-2023-24329 CVE-2023-40217 This update fixes multiple vulnerabilities concerning the urlparse module as well as vulnerabilities concerning the heapq, hmac, plistlib and ssl modules. CVE-2021-23336 Python was vulnerable to Web Cache Poisoning via urlparse.parse_qsl and urlparse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. CVE-2022-0391 The urlparse module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. CVE-2022-48560 A use-after-free exists in Python via heappushpop in heapq. CVE-2022-48565 An XML External Entity (XXE) issue was discovered in Python. The plistlib module no longer acceptsentity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48566 An issue was discovered in compare_digest in Lib/hmac.py in Python. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. CVE-2023-24329 An issue in the urlparse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-40217 The issue primarily affects servers written in Python (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) For Debian 10 buster, these problems have been fixed in version 2.7.16-2+deb10u3. We recommend that you upgrade your python2.7 packages. For the detailed security status of python2.7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python2.7 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Tackling various security weaknesses in Python 2.7 concerning the urlparse and heapq libraries within the scope of Debian LTS.. Debian Security, Python Module Issues, Python Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 20, 2023 Critical Debian LTS
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisorylocal attackubuntu

Ubuntu 18.04/16.04: USN-4552-3 Moderate: Pam-Python Regression

USN-4552-1 and USN-4552-2 introduced a regression in Pam-python. =========================================================================Ubuntu Security Notice USN-4552-3 October 28, 2020 pam-python regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: USN-4552-1 and USN-4552-2 introduced a regression in Pam-python Software Description: - pam-python: Enables PAM modules to be written in Python Details: USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. We apologize for the inconvenience. Original advisory details: Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libpam-python 1.0.6-1.1+deb10u1ubuntu0.1 Ubuntu 16.04 LTS: libpam-python 1.0.4-1.1+deb8u1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4552-3 https://ubuntu.com/security/notices/USN-4552-1 CVE-2019-16729 Package Information: https://launchpad.net/ubuntu/+source/pam-python/1.0.6-1.1+deb10u1ubuntu0.1 https://launchpad.net/ubuntu/+source/pam-python/1.0.4-1.1+deb8u1ubuntu0.1 . Critical updates affecting Python libraries on Ubuntu 18.04 LTS and 16.04 LTS have surfaced. Users are advised to install the latest upgrades promptly.. Pam-python, Ubuntu Security Notice, Security Vulnerability. . LinuxSecurity.com Team

Calendar 2 Oct 28, 2020 Ubuntu
Banner 3 1028x280 1708121785 1771599793
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisoryupdatedebian

Debian: DLA-1717-1 Critical: Python-Rdflib CLI Tools Issue

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. . Package : rdflib Version : 4.1.2-3+deb8u1 CVE ID : CVE-2019-7653 Debian Bug : #921751 The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . An important patch for the rdflib library in Debian LTS resolves a problem with module loading in Python. Users are advised to update promptly.. Debian LTS Security Update, Python rdflib Tools, CLI Tools Security, Package Upgrade. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 18, 2019 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here