Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H800
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 5 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryupdateFedora

Fedora 29: rssh Security Advisory FEDORA-2019-bfb407659e Moderate Risk

Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-bfb407659e 2019-11-10 01:06:02.434352 --------------------------------------------------------------------------------Name : rssh Product : Fedora 29 Version : 2.3.4 Release : 15.fc29 URL : Summary : Restricted shell for use with OpenSSH, allowing only scp and/or sftp Description : rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. It is a alternative to scponly. --------------------------------------------------------------------------------Update Information: Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 30 2019 Xavier Bachelot - 2.3.4-15 - Clean up specfile. - Add patches for CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. * Fri Jul 26 2019 Fedora Release Engineering - 2.3.4-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Sat Feb 2 2019 Fedora Release Engineering - 2.3.4-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1672381 - CVE-2019-3463 rssh: rsync bypass resulting in arbitrary code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672381 [ 2 ] Bug #1672383 - CVE-2019-3464 rssh: rsync bypass resulting in arbitrary code execution when built with popt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672383 [ 3 ] Bug #1672380 - CVE-2019-3463 rssh: rsync bypass resulting in arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672380 [ 4 ] Bug #1671295 - CVE-2019-1000018 rssh: Possible allowscp bypass resulting in arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1671295 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-bfb407659e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The latest patch for rssh addresses vulnerabilities in Fedora 29, helping safeguard users from any potential threats.. rssh, Fedora Update, security advisory, arbitrary code execution, shell access. . LinuxSecurity.com Team

Calendar 2 Nov 09, 2019 Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoraarbitrary code execution

Fedora 30: FEDORA-2019-d1487c13ac Critical: rssh Code Execution Risk

Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-d1487c13ac 2019-11-09 22:37:54.008990 --------------------------------------------------------------------------------Name : rssh Product : Fedora 30 Version : 2.3.4 Release : 15.fc30 URL : Summary : Restricted shell for use with OpenSSH, allowing only scp and/or sftp Description : rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. It is a alternative to scponly. --------------------------------------------------------------------------------Update Information: Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 30 2019 Xavier Bachelot - 2.3.4-15 - Clean up specfile. - Add patches for CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. * Fri Jul 26 2019 Fedora Release Engineering - 2.3.4-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1672381 - CVE-2019-3463 rssh: rsync bypass resulting in arbitrary code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672381 [ 2 ] Bug #1672383 - CVE-2019-3464 rssh: rsync bypass resulting in arbitrary code execution when built with popt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672383 [ 3 ] Bug #1672380 - CVE-2019-3463 rssh: rsync bypass resulting in arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672380 [ 4 ] Bug #1671295 - CVE-2019-1000018 rssh: Possible allowscp bypass resulting in arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1671295 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-d1487c13ac' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Bolster the security of Fedora 30 by implementing crucial updates that tackle rssh vulnerabilities and their corresponding resolutions.. Fedora Security, rssh Update, Code Execution Risk, OpenSSH Shell. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 09, 2019 Critical Fedora
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoraarbitrary code execution

Fedora 31: FEDORA-2019-e47add6b2b critical: rssh execution bypass

Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-e47add6b2b 2019-11-09 21:19:32.241960 --------------------------------------------------------------------------------Name : rssh Product : Fedora 31 Version : 2.3.4 Release : 15.fc31 URL : Summary : Restricted shell for use with OpenSSH, allowing only scp and/or sftp Description : rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. It is a alternative to scponly. --------------------------------------------------------------------------------Update Information: Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 30 2019 Xavier Bachelot - 2.3.4-15 - Clean up specfile. - Add patches for CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. --------------------------------------------------------------------------------References: [ 1 ] Bug #1672381 - CVE-2019-3463 rssh: rsync bypass resulting in arbitrary code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672381 [ 2 ] Bug #1672383 - CVE-2019-3464 rssh: rsync bypass resulting in arbitrary code execution when built with popt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672383 [ 3 ] Bug #1672380 - CVE-2019-3463 rssh: rsync bypass resulting in arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1672380 [ 4 ] Bug #1671295 - CVE-2019-1000018 rssh: Possible allowscp bypass resulting in arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1671295 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-e47add6b2b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Critical updates for rssh in Fedora 31 address execution bypass vulnerabilities across multiple CVEs. Act now!. cve-2019-3463, cve-2019-3464, cve-2019-1000018, ---------------------------------------------. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 09, 2019 Critical Fedora
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisorycriticalrssh

Ubuntu 18.10: USN-3946-1 Critical Rssh Arbitrary Command Execution

rssh could be made to run arbitrary commands if it received specially crafted input.. =========================================================================Ubuntu Security Notice USN-3946-1 April 11, 2019 rssh vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: rssh could be made to run arbitrary commands if it received specially crafted input. Software Description: - rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist Details: It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: rssh 2.3.4-8ubuntu0.2 Ubuntu 18.04 LTS: rssh 2.3.4-7ubuntu0.1 Ubuntu 16.04 LTS: rssh 2.3.4-4+deb8u2ubuntu0.16.04.2 Ubuntu 14.04 LTS: rssh 2.3.4-4+deb8u2ubuntu0.14.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3946-1 CVE-2019-1000018, CVE-2019-3463, CVE-2019-3464 Package Information: https://launchpad.net/ubuntu/+source/rssh/2.3.4-8ubuntu0.2 https://launchpad.net/ubuntu/+source/rssh/2.3.4-7ubuntu0.1 https://launchpad.net/ubuntu/+source/rssh/2.3.4-4+deb8u2ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/rssh/2.3.4-4+deb8u2ubuntu0.14.04.2 . An urgent notice concerning rssh flaws influencing various Ubuntu releases, guaranteeing that command limitations are maintained.. Rssh Vulnerabilities, Arbitrary Command Execution, Ubuntu Security Advisory. . Severity:Critical. LinuxSecurity.com Team

Calendar 2 Apr 11, 2019 Critical Ubuntu
Banner 2 1028x280 1708121730 1 1771599631
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryupdateDebian

Debian: DSA-4377-3 Moderate: rssh Security Fix for CVE-2019-1000018

The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4377-3 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : rssh CVE ID : CVE-2019-1000018 Debian Bug : 919623 The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those. For the stable distribution (stretch), this problem has been fixed in version 2.3.4-5+deb9u4. We recommend that you upgrade your rssh packages. For the detailed security status of rssh please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------. restrictions, introduced, security, address, cve-2019-1000018, disallowed. . LinuxSecurity.com Team

Calendar 2 Feb 22, 2019 Debian
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryupdateDebian

Debian Security Advisory DSA-4377-2: Urgent Update for Rssh Scp Problem

The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4377-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rssh Debian Bug : 921655 The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue. For the stable distribution (stretch), this problem has been fixed in version 2.3.4-5+deb9u3. We recommend that you upgrade your rssh packages. For the detailed security status of rssh please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA-4377-3 outlines enhancements for rssh to address various file exchange vulnerabilities.. Debian Security Advisory,rssh update,regression issue,software upgrade. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 11, 2019 Important Debian
Banner 2 1028x280 1708121730 1 1771599631
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianrssh

Debian: DSA-4383-1 Moderate: Ansible Command Injection Flaw

Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4382-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rssh CVE ID : CVE-2019-3463 CVE-2019-3464 Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands. For the stable distribution (stretch), these problems have been fixed in version 2.3.4-5+deb9u2. We recommend that you upgrade your rssh packages. For the detailed security status of rssh please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --------------------------------------------------. cleaton, vulnerabilities, restricted, shell, allows, users, perform. . LinuxSecurity.com Team

Calendar 2 Feb 02, 2019 Debian
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryupdatedebian

Debian: DSA-4377-1 Critical: Rssh Arbitrary Command Execution Threat

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4377-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rssh CVE ID : CVE-2019-1000018 Debian Bug : 919623 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands. Please note that with the update applied, the "-3" option of scp can no longer be used. For the stable distribution (stretch), this problem has been fixed in version 2.3.4-5+deb9u1. We recommend that you upgrade your rssh packages. For the detailed security status of rssh please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Hash: SHA512 Debian Security Advisory DSA-4377-1 https://www.debian.org/security/ Moritz Muehlenhoff. esnet, security, vulnerability, restricted, shell, allows, users. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 30, 2019 Critical Debian
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here