Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryfedoraimportantFedora 44 perl-Crypt-PasswdMD5 Significant Cryptographic Salt Update
This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-30d86fe986 2026-06-01 00:48:39.785062+00:00 -------------------------------------------------------------------------------- Name : perl-Crypt-PasswdMD5 Product : Fedora 44 Version : 1.4.3 Release : 1.fc44 URL : https://metacpan.org/release/Crypt-PasswdMD5 Summary : Provides interoperable MD5-based crypt() functions Description : This package provides MD5-based crypt() functions. -------------------------------------------------------------------------------- Update Information: This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659) -------------------------------------------------------------------------------- ChangeLog: * Sat May 23 2026 Paul Howarth - 1.4.3-1 - Update to 1.43 - Replace use of the cryptographically weak rand() function with the much stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575) - Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL - Add files AI_POLICY.md and SECURITY.md -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479575 - CVE-2026-6659 perl: Crypt::PasswdMD5: Weak cryptographic salts due to predictable random number generation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479575 [ 2 ] Bug #2480988 - perl-Crypt-PasswdMD5-1.43 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480988 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-30d86fe986' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 01, 2026
•Important
Fedora
89
security advisoryfedoracriticalFedora 42: Important Fix for perl-Catalyst-Plugin-Session Random ID
This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-90d5989bee 2025-09-16 01:14:45.503759+00:00 -------------------------------------------------------------------------------- Name : perl-Catalyst-Plugin-Session Product : Fedora 42 Version : 0.44 Release : 1.fc42 URL : https://metacpan.org/release/Catalyst-Plugin-Session Summary : Catalyst generic session plugin Description : This plugin is the base of two related parts of functionality required for session management in web applications. The first part, the State, is getting the browser to repeat back a session key, so that the web application can identify the client and logically string several requests together into a session. The second part, the Store, deals with the actual storage of information about the client. This data is stored so that the it may be revived for every request made by the same client. This plugin links the two pieces together. -------------------------------------------------------------------------------- Update Information: This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 31 2025 Emmanuel Seyman - 0.44-1 - Update to 0.44 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2381744 - CVE-2025-40924 perl-Catalyst-Plugin-Session: Catalyst::Plugin::Session generates session ids insecurely [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2381744 -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-90d5989bee' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 16, 2025
•Important
Fedora
172
security advisorydenial of serviceexploitUbuntu 18.04 LTS USN-5660-1 Critical: Kernel Denial of Service Risks
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5660-1 October 06, 2022 linux-gcp-5.4 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems Details: It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2503) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash).(CVE-2022-36946) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-5.4.0-1089-gcp 5.4.0-1089.97~18.04.1 linux-image-gcp 5.4.0.1089.68 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5660-1 CVE-2021-33655, CVE-2022-1012, CVE-2022-1729, CVE-2022-2503, CVE-2022-32296, CVE-2022-36946 Package Information: https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1089.97~18.04.1 . Several security weaknesses in the Linux kernel for Ubuntu on Google Cloud Platform have been discovered. Update your kernel to address these vulnerabilities.. Ubuntu Updates, Kernel Security, Linux Vulnerabilities, GCP Security. . Severity: Critical. LinuxSecurity.com Team
Oct 05, 2022
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!