Rack::Session could allow unintended access to network services.

==========================================================================
Ubuntu Security Notice USN-8190-1
April 20, 2026

ruby-rack-session vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10

Summary:

Rack::Session could allow unintended access to network services.

Software Description:
- ruby-rack-session: Session management implementation for Rack

Details:

SeungMyung Lee discovered that Rack::Session did not properly reject
cookies upon decryption failure. A remote attacker could use this issue
to manipulate session contents and possibly gain unauthorized access.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  ruby-rack-session    2.1.1-0.1ubuntu0.1

After a standard system update you need to restart ruby-rack-session to
make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8190-1
  CVE-2026-39324

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack-session/2.1.1-0.1ubuntu0.1

Severity: Important
LinuxSecurity.com Team
Several security issues were fixed in OpenSSL.

==========================================================================
Ubuntu Security Notice USN-7278-1
February 20, 2025

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

George Pantelakis and Alicja Kario discovered that OpenSSL had a timing
side-channel when performing ECDSA signature computations. A remote
attacker could possibly use this issue to recover private data.
(CVE-2024-13176)

It was discovered that OpenSSL incorrectly handled certain memory
operations when using low-level GF(2^m) elliptic curve APIs with
untrusted explicit values for the field polynomial. When being used in
this uncommon fashion, a remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2024-9143)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libssl3t64    3.0.13-0ubuntu3.5
  openssl       3.0.13-0ubuntu3.5

Ubuntu 22.04 LTS
  libssl3       3.0.2-0ubuntu1.19
  openssl       3.0.2-0ubuntu1.19

Ubuntu 20.04 LTS
  libssl1.1     1.1.1f-1ubuntu2.24
  openssl       1.1.1f-1ubuntu2.24

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7278-1
  CVE-2024-13176, CVE-2024-9143

Package Information:
  https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.5
  https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.19
  https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.24
Several security issues were fixed in curl.

==========================================================================
Ubuntu Security Notice USN-6237-3
September 11, 2023

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6237-1 fixed several vulnerabilities in curl. This update provides
the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS.

Original advisory details:

 Hiroki Kurosawa discovered that curl incorrectly handled validating
 certain certificate wildcards. A remote attacker could possibly use this
 issue to spoof certain website certificates using IDN hosts.
 (CVE-2023-28321)

 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when
 certain options are set by applications. This could cause applications
 using curl to misbehave, resulting in information disclosure, or a
 denial of service. (CVE-2023-28322)

 It was discovered that curl incorrectly handled saving cookies to files.
 A local attacker could possibly use this issue to create or overwrite
 files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.
 (CVE-2023-32001)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  curl               7.58.0-2ubuntu3.24+esm1
  libcurl3-gnutls    7.58.0-2ubuntu3.24+esm1
  libcurl3-nss       7.58.0-2ubuntu3.24+esm1
  libcurl4           7.58.0-2ubuntu3.24+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  curl               7.47.0-1ubuntu2.19+esm9
  libcurl3           7.47.0-1ubuntu2.19+esm9
  libcurl3-gnutls    7.47.0-1ubuntu2.19+esm9
  libcurl3-nss       7.47.0-1ubuntu2.19+esm9

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  curl               7.35.0-1ubuntu2.20+esm16
  libcurl3           7.35.0-1ubuntu2.20+esm16
  libcurl3-gnutls    7.35.0-1ubuntu2.20+esm16
  libcurl3-nss       7.35.0-1ubuntu2.20+esm16

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6237-3
  https://ubuntu.com/security/notices/USN-6237-1
  CVE-2023-28321, CVE-2023-28322

Severity: Important
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations (CVE-2022-2255).

MGASA-2022-0289 - Updated apache-mod_wsgi packages fix security vulnerability

Publication date: 20 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0289.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2255

It was discovered that mod-wsgi did not correctly remove the X-Client-IP
header when processing requests from untrusted proxies. A remote attacker
could use this issue to pass the header to WSGI applications, contrary to
expectations (CVE-2022-2255).

References:
- https://bugs.mageia.org/show_bug.cgi?id=30711
- https://ubuntu.com/security/notices/USN-5551-1
- https://www.cve.org/CVERecord?id=CVE-2022-2255

SRPMS:
- 8/core/apache-mod_wsgi-4.6.8-4.1.mga8

Severity: Critical
Several security issues were fixed in nginx.

=========================================================================
Ubuntu Security Notice USN-5371-1
April 13, 2022

nginx vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in nginx.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx Lua module mishandled certain inputs. An
attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2020-11724)

It was discovered that nginx Lua module mishandled certain inputs. An
attacker could possibly use this issue to disclose sensitive information.
This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-36309)

It was discovered that nginx mishandled the use of compatible
certificates among multiple encryption protocols. If a remote attacker
were able to intercept the communication, this issue could be used to
redirect traffic between subdomains. (CVE-2021-3618)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  nginx-core               1.18.0-6ubuntu11.1
  nginx-extras             1.18.0-6ubuntu11.1
  nginx-light              1.18.0-6ubuntu11.1

Ubuntu 20.04 LTS:
  libnginx-mod-http-lua    1.18.0-0ubuntu1.3
  nginx-core               1.18.0-0ubuntu1.3
  nginx-extras             1.18.0-0ubuntu1.3
  nginx-full               1.18.0-0ubuntu1.3
  nginx-light              1.18.0-0ubuntu1.3

Ubuntu 18.04 LTS:
  libnginx-mod-http-lua    1.14.0-0ubuntu1.10
  nginx-core               1.14.0-0ubuntu1.10
  nginx-extras             1.14.0-0ubuntu1.10
  nginx-full               1.14.0-0ubuntu1.10
  nginx-light              1.14.0-0ubuntu1.10

Ubuntu 16.04 ESM:
  nginx-core               1.10.3-0ubuntu0.16.04.5+esm3
  nginx-extras             1.10.3-0ubuntu0.16.04.5+esm3
  nginx-light              1.10.3-0ubuntu0.16.04.5+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5371-1
  CVE-2020-11724, CVE-2020-36309, CVE-2021-3618

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu11.1
  https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3
  https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10
The updated packages fix a security vulnerability: A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition.

MGASA-2021-0194 - Updated clamav packages fix security vulnerability

Publication date: 18 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0194.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-1405

The updated packages fix a security vulnerability:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV)
Software version 0.103.1 and all prior versions could allow an
unauthenticated, remote attacker to cause a denial of service condition
on an affected device. The vulnerability is due to improper variable
initialization that may result in a NULL pointer read. An attacker could
exploit this vulnerability by sending a crafted email to an affected
device. An exploit could allow the attacker to cause the ClamAV scanning
process to crash, resulting in a denial of service condition
(CVE-2021-1405).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28786
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
- https://www.cve.org/CVERecord?id=CVE-2021-1405

SRPMS:
- 8/core/clamav-0.103.2-1.mga8
- 7/core/clamav-0.103.2-1.mga7

Severity: Critical
curl could be made to expose sensitive information over the network.

=========================================================================
Ubuntu Security Notice USN-4903-1
April 07, 2021

curl vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

curl could be made to expose sensitive information over the network.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Viktor Szakats discovered that curl did not strip off user credentials
from referrer header fields. A remote attacker could possibly use this
issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  curl               7.35.0-1ubuntu2.20+esm7
  libcurl3           7.35.0-1ubuntu2.20+esm7
  libcurl3-gnutls    7.35.0-1ubuntu2.20+esm7
  libcurl3-nss       7.35.0-1ubuntu2.20+esm7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4903-1
  CVE-2021-22876

Severity: Important
A vulnerability was discovered in Flatpak which could allow a remote attacker to execute arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202101-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Flatpak: Sandbox escape
      Date: January 25, 2021
      Bugs: #765457
        ID: 202101-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability was discovered in Flatpak which could allow a remote
attacker to execute arbitrary code.

Background
==========

Flatpak is a Linux application sandboxing and distribution framework.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-apps/flatpak            < 1.10.0                   >= 1.10.0

Description
===========

A bug was discovered in the flatpak-portal service that can allow
sandboxed applications to execute arbitrary code on the host system (a
sandbox escape).

Impact
======

A remote attacker could entice a user to open a specially crafted Flatpak
app possibly resulting in execution of arbitrary code with the privileges
of the process or a Denial of Service condition.

Workaround
==========

As a workaround, this vulnerability can be mitigated by preventing the
flatpak-portal service from starting, but that mitigation will prevent
many Flatpak apps from working correctly. It is highly recommended to
upgrade.

Resolution
==========

All Flatpak users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.10.0"

References
==========

[ 1 ] CVE-2021-21261
      https://nvd.nist.gov/vuln/detail/CVE-2021-21261

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to