Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 402 articles for you...
217

Oracle Linux 9 mod_http2 Important Remote DoS Advisory ELSA-2026-25057

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25057 http://linux.oracle.com/errata/ELSA-2026-25057.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mod_http2-2.0.26-6.el9_8.1.x86_64.rpm aarch64: mod_http2-2.0.26-6.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/mod_http2-2.0.26-6.el9_8.1.src.rpm Related CVEs: CVE-2026-49975 Description of changes: [2.0.26-6.1] - Resolves: RHEL-182417 - mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975) [2.0.26-6] - Resolves: RHEL-166293 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 advisory highlights updated mod_http2 packages to mitigate remote denial of service threats based on CVE-2026-49975.. Oracle Linux Mod_HTTP2 Security Denial of Service. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Important Oracle
197

Debian corosync DoS Advisory DLA-4608-1 CVE-2026-35091 CVE-2026-35092

Two vulnerabilities have been found in corosync, a cluster engine daemon and utilities, that allow a remote, unauthenticated attacker to cause a denial of service. CVE-2026-35091 A remote unauthenticated attacker can exploit a wrong return value. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4608-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emmanuel Arias May 30, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : corosync Version : 3.1.2-2+deb11u2 CVE ID : CVE-2026-35091 CVE-2026-35092 Debian Bug : 1133837 1133838 Two vulnerabilities have been found in corosync, a cluster engine daemon and utilities, that allow a remote, unauthenticated attacker to cause a denial of service. CVE-2026-35091 A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. CVE-2026-35092 An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. For Debian 11 bullseye, these problems have been fixed in version 3.1.2-2+deb11u2. We recommend that you upgrade your corosync packages. For the detailed security status of corosync please refer to its security tracker page at: https://security-tracker.debian.org/tracker/corosync Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Criticalupdates for corosync in Debian due to remote attackers causing Denial of Service via UDP packets. Upgrade recommended.. corosync security update, Debian LTS advisory, UDP denial of service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 30, 2026 Critical Debian LTS
202

openSUSE: GIMP Important RCE Patch CVE-2025-2760 Advisory 2025:03075-1

An update that solves one vulnerability can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2025:03075-1 Release Date: 2025-09-04T10:48:32Z Rating: important References: * bsc#1241690 Cross-References: * CVE-2025-2760 CVSS scores: * CVE-2025-2760 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2025-2760 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-2760 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer overflow and remote code execution (bsc#1241690). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-3075=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-3075=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3075=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3075=1 * SUSE Linux Enterprise Workstation Extension15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-3075=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-3075=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gimp-plugin-aa-2.10.30-150400.3.26.1 * libgimpui-2_0-0-2.10.30-150400.3.26.1 * gimp-2.10.30-150400.3.26.1 * gimp-devel-2.10.30-150400.3.26.1 * libgimp-2_0-0-2.10.30-150400.3.26.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-devel-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-debuginfo-2.10.30-150400.3.26.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1 * gimp-debugsource-2.10.30-150400.3.26.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.26.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.26.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.26.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-2.10.30-150400.3.26.1 * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.26.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.26.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.26.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gimp-plugin-aa-2.10.30-150400.3.26.1 * libgimpui-2_0-0-2.10.30-150400.3.26.1 * gimp-2.10.30-150400.3.26.1 * gimp-devel-2.10.30-150400.3.26.1 * libgimp-2_0-0-2.10.30-150400.3.26.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-devel-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-debuginfo-2.10.30-150400.3.26.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1 * gimp-debugsource-2.10.30-150400.3.26.1 * openSUSE Leap 15.6 (noarch) * gimp-lang-2.10.30-150400.3.26.1 * openSUSE Leap 15.6 (x86_64) *libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.26.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.26.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.26.1 * SUSE Package Hub 15 15-SP6 (aarch64) * gimp-plugin-aa-2.10.30-150400.3.26.1 * gimp-2.10.30-150400.3.26.1 * gimp-devel-2.10.30-150400.3.26.1 * gimp-devel-debuginfo-2.10.30-150400.3.26.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.26.1 * libgimp-2_0-0-2.10.30-150400.3.26.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-debuginfo-2.10.30-150400.3.26.1 * gimp-debugsource-2.10.30-150400.3.26.1 * SUSE Package Hub 15 15-SP6 (noarch) * gimp-lang-2.10.30-150400.3.26.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-plugin-aa-2.10.30-150400.3.26.1 * gimp-2.10.30-150400.3.26.1 * gimp-devel-2.10.30-150400.3.26.1 * gimp-devel-debuginfo-2.10.30-150400.3.26.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.26.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.26.1 * libgimp-2_0-0-2.10.30-150400.3.26.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-debuginfo-2.10.30-150400.3.26.1 * gimp-debugsource-2.10.30-150400.3.26.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.26.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * libgimpui-2_0-0-2.10.30-150400.3.26.1 * gimp-2.10.30-150400.3.26.1 * gimp-devel-2.10.30-150400.3.26.1 * libgimp-2_0-0-2.10.30-150400.3.26.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-devel-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-debuginfo-2.10.30-150400.3.26.1 * gimp-debugsource-2.10.30-150400.3.26.1 * SUSE Linux EnterpriseWorkstation Extension 15 SP6 (noarch) * gimp-lang-2.10.30-150400.3.26.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libgimpui-2_0-0-2.10.30-150400.3.26.1 * gimp-2.10.30-150400.3.26.1 * gimp-devel-2.10.30-150400.3.26.1 * libgimp-2_0-0-2.10.30-150400.3.26.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-devel-debuginfo-2.10.30-150400.3.26.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.26.1 * gimp-debuginfo-2.10.30-150400.3.26.1 * gimp-debugsource-2.10.30-150400.3.26.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2025-2760.html * https://bugzilla.suse.com/show_bug.cgi?id=1241690 . Crucial GIMP update issued for openSUSE tackling a critical vulnerability that allows remote code execution. Find out the impacted versions along with detailed installation guidelines.. remote code execution, openSUSE 15, GIMP important patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 04, 2025 Important OpenSUSE
100

SUSE: Docker Moderate Access Fix CVE-2025-54388 Advisory 2025:02913-1

* bsc#1246556 * bsc#1247367 Cross-References: * CVE-2025-54388 . # Security update for docker Announcement ID: SUSE-SU-2025:02913-1 Release Date: 2025-08-19T12:52:47Z Rating: moderate References: * bsc#1246556 * bsc#1247367 Cross-References: * CVE-2025-54388 CVSS scores: * CVE-2025-54388 ( SUSE ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2025-54388 ( SUSE ): 5.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-54388 ( NVD ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for docker fixes the following issues: * Update to Docker 28.3.3-ce. * CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2913=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2913=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * docker-28.3.3_ce-98.137.1 * docker-debuginfo-28.3.3_ce-98.137.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) *docker-bash-completion-28.3.3_ce-98.137.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * docker-28.3.3_ce-98.137.1 * docker-debuginfo-28.3.3_ce-98.137.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * docker-bash-completion-28.3.3_ce-98.137.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54388.html * https://bugzilla.suse.com/show_bug.cgi?id=1246556 * https://bugzilla.suse.com/show_bug.cgi?id=1247367 . SUSE has rolled out a patch that mitigates a significant security vulnerability in Docker, specifically targeting access control deficiencies associated with CVE-2025-54388.. SUSE Linux, Docker update, security access control, CVE-2025-54388, package management. . LinuxSecurity.com Team

Calendar%202 Aug 19, 2025 SuSE
172

Ubuntu 22.04 LTS USN-5376-3: Git Regression Critical Fix

UNS-5376-1 was missing patches to properly fix the addressed issues.. =========================================================================Ubuntu Security Notice USN-5376-3 April 26, 2022 git regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: UNS-5376-1 was missing patches to properly fix the addressed issues. Software Description: - git: fast, scalable, distributed revision control system Details: USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix the issue. This update fixes the problem. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.2 Ubuntu 21.10: git 1:2.32.0-1ubuntu1.2 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.4 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.11 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5376-3 https://ubuntu.com/security/notices/USN-5376-1 https://bugs.launchpad.net/ubuntu/+source/git/+bug/1970260 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.2 https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.2 https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.11 . Follow these steps on Ubuntu to fix absent Git patches regarding security issues identified as of April 26, 2022, forenhanced security and compliance. Git Regression, Ubuntu Security Notice, 2022 Patches. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 26, 2022 Critical Ubuntu
198

Arch Linux: ASA-202103-19 High: Vivaldi Remote Exploitation Risk

The package vivaldi before version 3.7.2218.45-1 is vulnerable to multiple issues including arbitrary code execution, insufficient validation, access restriction bypass, content spoofing, incorrect calculation and information disclosure. . Arch Linux Security Advisory ASA-202103-19 ========================================= Severity: High Date : 2021-03-25 CVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 Package : vivaldi Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1633 Summary ====== The package vivaldi before version 3.7.2218.45-1 is vulnerable to multiple issues including arbitrary code execution, insufficient validation, access restriction bypass, content spoofing, incorrect calculation and information disclosure. Resolution ========= Upgrade to 3.7.2218.45-1. # pacman -Syu "vivaldi> =3.7.2218.45-1" The problems have been fixed upstream in version 3.7.2218.45. Workaround ========= None. Description ========== - CVE-2020-27844 (arbitrary code execution) A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of OpenJPEG. - CVE-2021-21159 (arbitrary code execution) A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21160 (arbitrary code execution) A heap buffer overflow security issue was found in the WebAudio component of theChromium browser before version 89.0.4389.72. - CVE-2021-21161 (arbitrary code execution) A heap buffer overflow security issue was found in the TabStrip component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21162 (arbitrary code execution) A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21163 (insufficient validation) An insufficient data validation security issue was found in the Reader Mode component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21165 (arbitrary code execution) An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21166 (arbitrary code execution) An object lifecycle security issue was found in the audio component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21167 (arbitrary code execution) A use after free security issue was found in the bookmarks component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21168 (access restriction bypass) An insufficient policy enforcement security issue was found in the appcache component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21169 (information disclosure) An out of bounds memory access security issue was found in the V8 component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21170 (content spoofing) An incorrect security UI security issue was found in the Loader component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21171 (content spoofing) An incorrect security UI security issue was found in the TabStrip and Navigation components of the Chromium browser before version 89.0.4389.72. - CVE-2021-21172 (access restriction bypass) An insufficient policy enforcement security issue was found in the File System API component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21173 (information disclosure) A side-channel informationleakage security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21174 (incorrect calculation) An inappropriate implementation security issue was found in the Referrer component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21175 (incorrect calculation) An inappropriate implementation security issue was found in the Site isolation component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21176 (incorrect calculation) An inappropriate implementation security issue was found in the full screen mode component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21177 (access restriction bypass) An insufficient policy enforcement security issue was found in the Autofill component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21178 (incorrect calculation) An inappropriate implementation security issue was found in the Compositing component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21179 (arbitrary code execution) A use after free security issue was found in the Network Internals component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21180 (arbitrary code execution) A use after free security issue was found in the tab search component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21181 (information disclosure) A side-channel information leakage security issue was found in the autofill component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21182 (access restriction bypass) An insufficient policy enforcement security issue was found in the navigations component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21183 (incorrect calculation) An inappropriate implementation security issue was found in the performance APIs component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21184 (incorrect calculation) An inappropriate implementation security issue was found inthe performance APIs component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21185 (access restriction bypass) An insufficient policy enforcement security issue was found in the extensions component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21186 (access restriction bypass) An insufficient policy enforcement security issue was found in the QR scanning component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21187 (insufficient validation) An insufficient data validation security issue was found in the URL formatting component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21188 (arbitrary code execution) A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21189 (access restriction bypass) An insufficient policy enforcement security issue was found in the payments component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21190 (arbitrary code execution) An uninitialized use security issue was found in the PDFium component of the Chromium browser before version 89.0.4389.72. - CVE-2021-21191 (arbitrary code execution) A use after free security issue was found in the WebRTC component of the Chromium browser before version 89.0.4389.90. - CVE-2021-21192 (arbitrary code execution) A heap buffer overflow security issue was found in the tab groups component of the Chromium browser before version 89.0.4389.90. - CVE-2021-21193 (arbitrary code execution) A use after free security issue was found in the Blink component of the Chromium browser before version 89.0.4389.90. Google is aware of reports that an exploit for this issue exists in the wild. Impact ===== A remote attacker might be able to bypass security measures, trick the user into performing unwanted actions or execute arbitrarycode. References ========= https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/ https://vivaldi.com/blog/vivaldi-fires-up-performance-2/ https://github.com/uclouvain/openjpeg/issues/1299 https://github.com/uclouvain/openjpeg/pull/1301 https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html https://security.archlinux.org/CVE-2020-27844 https://security.archlinux.org/CVE-2021-21159 https://security.archlinux.org/CVE-2021-21160 https://security.archlinux.org/CVE-2021-21161 https://security.archlinux.org/CVE-2021-21162 https://security.archlinux.org/CVE-2021-21163 https://security.archlinux.org/CVE-2021-21165 https://security.archlinux.org/CVE-2021-21166 https://security.archlinux.org/CVE-2021-21167 https://security.archlinux.org/CVE-2021-21168 https://security.archlinux.org/CVE-2021-21169 https://security.archlinux.org/CVE-2021-21170 https://security.archlinux.org/CVE-2021-21171 https://security.archlinux.org/CVE-2021-21172 https://security.archlinux.org/CVE-2021-21173 https://security.archlinux.org/CVE-2021-21174 https://security.archlinux.org/CVE-2021-21175 https://security.archlinux.org/CVE-2021-21176 https://security.archlinux.org/CVE-2021-21177 https://security.archlinux.org/CVE-2021-21178 https://security.archlinux.org/CVE-2021-21179 https://security.archlinux.org/CVE-2021-21180 https://security.archlinux.org/CVE-2021-21181 https://security.archlinux.org/CVE-2021-21182 https://security.archlinux.org/CVE-2021-21183 https://security.archlinux.org/CVE-2021-21184 https://security.archlinux.org/CVE-2021-21185 https://security.archlinux.org/CVE-2021-21186 https://security.archlinux.org/CVE-2021-21187 https://security.archlinux.org/CVE-2021-21188 https://security.archlinux.org/CVE-2021-21189 https://security.archlinux.org/CVE-2021-21190 https://security.archlinux.org/CVE-2021-21191 https://security.archlinux.org/CVE-2021-21192 https://security.archlinux.org/CVE-2021-21193 . Critical security flaws in the Vivaldi software on Arch Linux have been identified. Update without delay to thwart potential attacks.. ArchLinux Vivaldi Remote Exploitation Security HighSeverity. . LinuxSecurity.com Team

Calendar%202 Mar 26, 2021 ArchLinux
198

Arch Linux 2021-03-13 ASA-202103-1 Low Severity GnuTLS Code Issue

The package gnutls before version 3.7.1-1 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-202103-1 ======================================== Severity: Low Date : 2021-03-13 CVE-ID : CVE-2021-20231 CVE-2021-20232 Package : gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1674 Summary ====== The package gnutls before version 3.7.1-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 3.7.1-1. # pacman -Syu "gnutls> =3.7.1-1" The problems have been fixed upstream in version 3.7.1. Workaround ========= None. Description ========== - CVE-2021-20231 (arbitrary code execution) A security issue was found in GnuTLS before version 3.7.1. It was found that the client sending a "key_share" extension may result in dereferencing a pointer no longer valid after realloc(). This only happens in TLS 1.3 and only when the client sends a large Client Hello message, e.g., when HRR is sent in a resumed session previously negotiated large FFDHE parameters, because the initial allocation of the buffer is large enough without having to call realloc(). - CVE-2021-20232 (arbitrary code execution) A security issue was found in GnuTLS before version 3.7.1. It was found that the client sending a "pre_share_key" extension may result in dereferencing a pointer no longer valid after realloc(). This only happens in TLS 1.3 and only when the client sends a large Client Hello message, e.g., when HRR is sent in a resumed session previously negotiated large FFDHE parameters, because the initial allocation of the buffer is large enough without having to call realloc(). Impact ===== A remote attacker might be able to cause a denial of service or possibly execute arbitrary code when a TLS client is resuming a TLS1.3 session. References ========= https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 https://gitlab.com/gnutls/gnutls/-/issues/1151 https://gitlab.com/gnutls/gnutls/-/merge_requests/1399 https://gitlab.com/gnutls/gnutls/-/commit/15beb4b193b2714d88107e7dffca781798684e7e https://gitlab.com/gnutls/gnutls/-/commit/75a937d97f4fefc6f9b08e3791f151445f551cb3 https://security.archlinux.org/CVE-2021-20231 https://security.archlinux.org/CVE-2021-20232 . Arch Linux Security Advisory ASA-202103-1 details gnutls arbitrary code execution issue and provides resolution steps.. Arch Linux, GnuTLS, Code Execution, Security Advisory, Remote Threat. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Mar 20, 2021 Low ArchLinux
198

Arch Linux ASA-202102-15 Medium Severity PHP Denial Of Service Alert

The package php before version 8.0.2-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-202102-15 ========================================= Severity: Medium Date : 2021-02-07 CVE-ID : CVE-2021-21702 Package : php Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1531 Summary ====== The package php before version 8.0.2-1 is vulnerable to denial of service. Resolution ========= Upgrade to 8.0.2-1. # pacman -Syu "php> =8.0.2-1" The problem has been fixed upstream in version 8.0.2. Workaround ========= None. Description ========== A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV via null-pointer dereference whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27. Impact ===== A remote attacker might be able to crash PHP via a specially crafted XML payload. References ========= https://bugs.php.net/bug.php?id=80672 ;a=commitdiff;h=f733ee195462201b2cbd1d17df2f752ee88771ba ;a=commitdiff;h=91655b45ea0a81f2d3003a7e6604e5f419d84df4 ;a=commitdiff;h=3c939e3f69955d087e0bb671868f7267dfb2a502 https://security.archlinux.org/CVE-2021-21702 . The Arch Linux Security Advisory warns of critical PHP vulnerabilities that may allow Denial of Service attacks. Users must update PHP packages to protect against these threats.. Arch Linux, PHP Update, Denial of Service, Medium Severity. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 Feb 12, 2021 Medium ArchLinux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200