Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 97 articles for you...
217

Oracle Linux 9 mod_http2 Moderate DoS Vulnerability ELSA-2026-22551

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22551 http://linux.oracle.com/errata/ELSA-2026-22551.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mod_http2-2.0.26-6.el9_8.1.x86_64.rpm aarch64: mod_http2-2.0.26-6.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/mod_http2-2.0.26-6.el9_8.1.src.rpm Related CVEs: CVE-2025-53020 Description of changes: [2.0.26-6.1] - Resolves: RHEL-182417 - mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975) [2.0.26-6] - Resolves: RHEL-166293 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2026-22551 addresses HTTP/2 remote denial of service issues with mod_http2.. Oracle Linux, mod_http2, remote denial of service. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 moderate Oracle
89

Fedora 43 Cowlib 2.16.1 Security Advisory CVE-2026-43968 CRLF Injection

Cowlib 2.16.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ce0a56ca97 2026-05-21 01:26:51.960452+00:00 -------------------------------------------------------------------------------- Name : erlang-cowlib Product : Fedora 43 Version : 2.16.1 Release : 1.fc43 URL : https://github.com/ninenines/cowlib Summary : Support library for manipulating Web protocols Description : Support library for manipulating Web protocols. -------------------------------------------------------------------------------- Update Information: Cowlib 2.16.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 12 2026 Peter Lemenkov - 2.16.1-1 - Cowlib ver. 2.16.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476458 - erlang-cowlib-2.16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2476458 [ 2 ] Bug #2479579 - CVE-2026-43968 erlang-cowlib: cowlib: CRLF Injection leads to client-side logic manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479579 [ 3 ] Bug #2479811 - CVE-2026-43970 erlang-cowlib: cowlib: Remote denial of service via data amplification in SPDY frame processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479811 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ce0a56ca97' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update on Cowlib 2.16.1 in Fedora 43—addresses CRLF Injection and Denial of Service issues.. Fedora Cowlib Update, Denial of Service, CRLF Injection, Security Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 21, 2026 Important Fedora
89

Fedora 44 erlang-cowlib Critical CRLF Issues Lead to DoS Vulnerability

Cowlib 2.16.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-84270bbc49 2026-05-21 00:54:04.884688+00:00 -------------------------------------------------------------------------------- Name : erlang-cowlib Product : Fedora 44 Version : 2.16.1 Release : 1.fc44 URL : https://github.com/ninenines/cowlib Summary : Support library for manipulating Web protocols Description : Support library for manipulating Web protocols. -------------------------------------------------------------------------------- Update Information: Cowlib 2.16.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 12 2026 Peter Lemenkov - 2.16.1-1 - Cowlib ver. 2.16.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476458 - erlang-cowlib-2.16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2476458 [ 2 ] Bug #2479579 - CVE-2026-43968 erlang-cowlib: cowlib: CRLF Injection leads to client-side logic manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479579 [ 3 ] Bug #2479811 - CVE-2026-43970 erlang-cowlib: cowlib: Remote denial of service via data amplification in SPDY frame processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479811 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-84270bbc49' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical advisory for erlang-cowlib on Fedora ensuring secure protocol manipulation against threats.. cowlib Fedora denial of service security updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 21, 2026 Important Fedora
100

SUSE: ruby2.5 Moderate Denial of Service Rpc 2025:02814-1 CVE-2024-35221

* bsc#1225905 Cross-References: * CVE-2024-35221 . # Security update for ruby2.5 Announcement ID: SUSE-SU-2025:02814-1 Release Date: 2025-08-15T12:53:30Z Rating: moderate References: * bsc#1225905 Cross-References: * CVE-2024-35221 CVSS scores: * CVE-2024-35221 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for ruby2.5 fixes the following issues: * CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2814=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2814=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1 * libruby2_5-2_5-2.5.9-150000.4.49.1 * ruby2.5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-debugsource-2.5.9-150000.4.49.1 * ruby2.5-stdlib-2.5.9-150000.4.49.1 * ruby2.5-doc-2.5.9-150000.4.49.1 * ruby2.5-devel-2.5.9-150000.4.49.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-2.5.9-150000.4.49.1 * ruby2.5-devel-extra-2.5.9-150000.4.49.1 * openSUSE Leap 15.6 (noarch) * ruby2.5-doc-ri-2.5.9-150000.4.49.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1 * libruby2_5-2_5-2.5.9-150000.4.49.1 * ruby2.5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-debugsource-2.5.9-150000.4.49.1 * ruby2.5-stdlib-2.5.9-150000.4.49.1 * ruby2.5-devel-2.5.9-150000.4.49.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-2.5.9-150000.4.49.1 * ruby2.5-devel-extra-2.5.9-150000.4.49.1 ## References: * https://www.suse.com/security/cve/CVE-2024-35221.html * https://bugzilla.suse.com/show_bug.cgi?id=1225905 . Python 3.10 update resolves CVE-2024-15321, mitigating remote security vulnerabilities. Apply recommended updates to enhance system protection.. ruby2.5 security update,SUSE Linux advisory,remote denial of service fix. . LinuxSecurity.com Team

Calendar%202 Aug 15, 2025 SuSE
100

SUSE: 2024:3184-1 Critical: Remote Exploit Vulnerability in Python-3_8_0

* bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228050 * bsc#1228051 . # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2024:3183-1 Rating: important References: * bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228050 * bsc#1228051 * bsc#1228052 * bsc#1228346 * bsc#1229224 Cross-References: * CVE-2024-21131 * CVE-2024-21138 * CVE-2024-21140 * CVE-2024-21144 * CVE-2024-21145 * CVE-2024-21147 * CVE-2024-27267 CVSS scores: * CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21144 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-27267 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves seven vulnerabilities and has one security fix can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346) * CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052) * CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051) * CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048) * CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050) * CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047) * CVE-2024-21131: Fixed apotential UTF8 size overflow. (bsc#1228046) * CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3183=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3183=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3183=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3183=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise High Performance Computing 12 SP5(x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.30-30.126.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21131.html * https://www.suse.com/security/cve/CVE-2024-21138.html * https://www.suse.com/security/cve/CVE-2024-21140.html * https://www.suse.com/security/cve/CVE-2024-21144.html * https://www.suse.com/security/cve/CVE-2024-21145.html * https://www.suse.com/security/cve/CVE-2024-21147.html * https://www.suse.com/security/cve/CVE-2024-27267.html * https://bugzilla.suse.com/show_bug.cgi?id=1228046 * https://bugzilla.suse.com/show_bug.cgi?id=1228047 * https://bugzilla.suse.com/show_bug.cgi?id=1228048 * https://bugzilla.suse.com/show_bug.cgi?id=1228050 * https://bugzilla.suse.com/show_bug.cgi?id=1228051 * https://bugzilla.suse.com/show_bug.cgi?id=1228052 * https://bugzilla.suse.com/show_bug.cgi?id=1228346 * https://bugzilla.suse.com/show_bug.cgi?id=1229224 . A critical security patch has been released by SUSE for java-1_8_0-ibm, which resolves several vulnerabilities and provides essential enhancements for the latest service updates.. SUSE Linux Enterprise, Java Security, Software Update, Remote Attack. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 10, 2024 Important SuSE
98

Red Hat: RHSA-2023-1008-01 Important: kpatch-patch Security Update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2023:1008-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1008 Issue date: 2023-02-28 CVE Names: CVE-2022-3564 CVE-2022-4378 CVE-2022-4379 CVE-2023-0179 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 9) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to theCVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces 2152807 - CVE-2022-4379 kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack 2161713 - CVE-2023-0179 kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan 6. Package List: Red Hat Enterprise Linux BaseOS (v. 9): Source: kpatch-patch-5_14_0-162_12_1-1-1.el9_1.src.rpm kpatch-patch-5_14_0-162_6_1-1-2.el9_1.src.rpm ppc64le: kpatch-patch-5_14_0-162_12_1-1-1.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_12_1-debuginfo-1-1.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_12_1-debugsource-1-1.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_6_1-1-2.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_6_1-debuginfo-1-2.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_6_1-debugsource-1-2.el9_1.ppc64le.rpm x86_64: kpatch-patch-5_14_0-162_12_1-1-1.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_12_1-debuginfo-1-1.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_12_1-debugsource-1-1.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_6_1-1-2.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_6_1-debuginfo-1-2.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_6_1-debugsource-1-2.el9_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3564 https://access.redhat.com/security/cve/CVE-2022-4378 https://access.redhat.com/security/cve/CVE-2022-4379 https://access.redhat.com/security/cve/CVE-2023-0179 https://access.redhat.com/security/updates/classification/#important 8. Contact: The RedHat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/5H89zjgjWX9erEAQj68A/8CPn8dCtYtKo+AOdfJQvxFDs2NWHpj4dg Ais0vh62HgQnDlU2t1PYw64eJqShOnE2G0Ms7ldkxlOX7DVgd486cWz+QcUrpjQv sWYuhD3tPCXZh26WxEd7F/Cfa0f99B4Lz5lZv8qMI0HK94Qo5qZS6xquINbfrQkz pg/MITz0lecz69rjGXRqbh+Oq05jfQjHgdotWUt7xZL3KfPw1ouNEHlb3fthnoyV jVmPZHfJJrnfE5r6O+8BOJnb42rTep2nlSbuu33Xcl8RS7zelcwatyRlx6MxdoaL eYZ9skT1iD8tcDCTy7ojPUvbzL93m3WRq6K6q83jul5h3Ad3o0/nK8jVUja22gYC yfN2Uk27NyaNvkT3INwruYKg8yOH5ho+xnlSxyoA/pGpbD/6rEYB7w25R7Czuqus 0V/WAMEtuyJYvZ6y5DApR6ImuVg/94+Lcm2A6CjiiPby1egzMNnTyh4eBYGws4k0 XKca2pZh2tAW2DM9y9+pf07DxVaf9ywAfSNULgJi9U5beagojx12I63FUer4ibHG fRymkj12GGXrMBZOa9k+OIGbE/V9nCrh+ZBxChHp3UyEV7SXa3otI6l3PPeLOMWt HapPvs4WDK0F9JCjun68aomcFZkLLY9Umjfxv/pIBK3shiU+pZ51z4Iz+G8AB5Di pCzIqbRcd7U=3b/w -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important revision for kpatch-patch on Red Hat Enterprise Linux 9 resolves security vulnerabilities and introduces improvements.. Red Hat Enterprise Linux,kpatch-patch,security update,integrity flaws,system vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 28, 2023 Important Red Hat
197

Debian 10 Buster: DLA-3247-1 Critical: Node-Trim-Newlines Remote DoS

It was discovered that there was a potential remote denial of service vulnerability in node-trim-newlines, a Javascript module to strip newlines from the start and/or end of a string. . - -------------------------------------------------------------------------Debian LTS Advisory DLA-3247-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Chris Lamb December 23, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------Package : node-trim-newlines Version : 1.0.0-1+deb10u1 CVE ID : CVE-2021-33623 It was discovered that there was a potential remote denial of service vulnerability in node-trim-newlines, a Javascript module to strip newlines from the start and/or end of a string. This regular expression Denial of Service (ReDoS) attack exploited the fact that most Regular Expression implementations can reach extreme situations that cause them to work very slowly in a way that is exponentially related to the input size. An attacker can then cause a program using node-trim-newlines (and thus the offending regex) to enter one of these extreme situations and then hang for a very long time. For Debian 10 buster, this problem has been fixed in version 1.0.0-1+deb10u1. We recommend that you upgrade your node-trim-newlines packages. For the detailed security status of node-trim-newlines please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/node-trim-newlines Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-5098-1 resolves a critical security vulnerability in libxml2. Immediate upgrade is advised to safeguard systems.. Node-Trim-Newlines, Remote Denial Of Service, Debian Advisory. . Severity: Critical. LinuxSecurity.comTeam

Calendar%202 Dec 23, 2022 Critical Debian LTS
100

SUSE: 2022:2473-1 Critical: Remote DoS Security Fix for Cyrus-SASL

The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2473-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.204 Container Release : 9.5.204 Severity : important Type : security References : 1159635 CVE-2019-19906 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). The following package changes have been done: - libsasl2-3-2.1.26-150000.5.13.1 updated . Critical security updates for SUSE Linux Enterprise 15 are now available, targeting vulnerabilities in Cyrus-SASL and addressing remote denial of service threats. Security Update,SUSE Container,cyrus-sasl,DoS Fix,suse/sle15. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 08, 2022 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200