
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 11: DLA-3866-1 Critical Path Traversal Fix for ruby-tzinfo

Debian LTS Advisory DLA-3866-1
https://www.debian.org/lts/security/
Adrian Bunk
September 03, 2024
https://wiki.debian.org/LTS

Package : ruby-tzinfo
Version : 1.2.6-1+deb11u1
CVE ID : CVE-2022-31163

Path traversal that allowed TZInfo::Timezone.get to load arbitrary files has been fixed in ruby-tzinfo, a Ruby library for working with time zone information.

For Debian 11 bullseye, this problem has been fixed in version 1.2.6-1+deb11u1.

We recommend that you upgrade your ruby-tzinfo packages.

For the detailed security status of ruby-tzinfo please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-tzinfo

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical
LinuxSecurity.com Team

Sep 03, 2024 | Critical | Debian LTS

Debian 10: DLA-3565-1 Critical: Ruby-Loofah XSS and DoS

Debian LTS Advisory DLA-3565-1
https://www.debian.org/lts/security/
Sylvain Beucler
September 13, 2023
https://wiki.debian.org/LTS

Package : ruby-loofah
Version : 2.2.3-1+deb10u2
CVE ID : CVE-2022-23514 CVE-2022-23515 CVE-2022-23516
Debian Bug : 1026083

Multiple vulnerabilities were discovered in Loofah, a Ruby library for HTML/XML transformation and sanitization. An attacker could launch cross-site scripting (XSS) and denial-of-service (DoS) attacks through crafted HTML/XML documents.

CVE-2022-23514
    Inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.

CVE-2022-23515
    Cross-site scripting via the image/svg+xml media type in data URIs.

CVE-2022-23516
    Loofah uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption.

For Debian 10 buster, these problems have been fixed in version 2.2.3-1+deb10u2.

We recommend that you upgrade your ruby-loofah packages.

For the detailed security status of ruby-loofah please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-loofah

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical
LinuxSecurity.com Team

Sep 13, 2023 | Critical | Debian LTS

Debian 9: DLA-2561-1 Critical Command Injection in Ruby Mechanize

Debian LTS Advisory DLA-2561-1
https://www.debian.org/lts/security/
Utkarsh Gupta
February 17, 2021
https://wiki.debian.org/LTS

Package : ruby-mechanize
Version : 2.7.5-1+deb9u1
CVE ID : CVE-2021-21289

Mechanize is an open-source Ruby library that makes automated web interaction easy. In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability.

Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel#open method.

For Debian 9 stretch, this problem has been fixed in version 2.7.5-1+deb9u1.

We recommend that you upgrade your ruby-mechanize packages.

For the detailed security status of ruby-mechanize please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-mechanize

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical
LinuxSecurity.com Team

Feb 16, 2021 | Critical | Debian LTS

Ubuntu 18.04 LTS: USN-4560-1 Critical: Gon Gem XSS Threat

Ubuntu Security Notice USN-4560-1
September 30, 2020

ruby-gon vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Gon gem could be made to run programs if it received specially crafted network traffic.

Software Description:
- ruby-gon: Ruby library to send data to JavaScript from a Ruby application

Details:

It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  ruby-gon 6.1.0-1+deb9u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4560-1
  CVE-2020-25739

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-gon/6.1.0-1+deb9u1build0.18.04.1

Severity: Critical
LinuxSecurity.com Team

Sep 30, 2020 | Critical | Ubuntu