Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":66.67,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 6 articles for you...
100

SUSE: 2025:20254-1 important: python-Jinja2 sandbox issue fix

* bsc#1234808 * bsc#1234809 * bsc#1238879 Cross-References: . # Security update for python-Jinja2 Announcement ID: SUSE-SU-2025:20254-1 Release Date: 2025-03-28T13:55:44Z Rating: important References: * bsc#1234808 * bsc#1234809 * bsc#1238879 Cross-References: * CVE-2024-56201 * CVE-2024-56326 * CVE-2025-27516 CVSS scores: * CVE-2024-56201 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56201 ( NVD ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-56201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56326 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56326 ( NVD ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-56326 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-27516 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-27516 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2025-27516 ( NVD ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Micro 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for python-Jinja2 fixes the following issues: * CVE-2025-27516: Fixed Jinja sandbox breakout through attr filter selecting format method (bsc#1238879) * CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808) * CVE-2024-56326:Fixed sandbox breakout through indirect reference to format method (bsc#1234809) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-52=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * python311-Jinja2-3.1.4-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-56201.html * https://www.suse.com/security/cve/CVE-2024-56326.html * https://www.suse.com/security/cve/CVE-2025-27516.html * https://bugzilla.suse.com/show_bug.cgi?id=1234808 * https://bugzilla.suse.com/show_bug.cgi?id=1234809 * https://bugzilla.suse.com/show_bug.cgi?id=1238879 . Crucial update for python-Jinja2 in SUSE Linux Micro 6.1 addresses various sandbox vulnerabilities and bolsters protective protocols.. SUSE Linux Micro, python-Jinja2, security patch, sandbox issues. . LinuxSecurity.com Team

Calendar%202 Jun 04, 2025 SuSE
89

Fedora 41: FEDORA-2025-7b6e208ef2 moderate: python-jinja2 sandbox issue

Update to 3.1.5 Security fix for CVE-2024-56201. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-7b6e208ef2 2025-01-12 01:37:12.378777+00:00 -------------------------------------------------------------------------------- Name : python-jinja2 Product : Fedora 41 Version : 3.1.5 Release : 1.fc41 URL : https://palletsprojects.com/projects/jinja/ Summary : General purpose template engine Description : Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments. -------------------------------------------------------------------------------- Update Information: Update to 3.1.5 Security fix for CVE-2024-56201 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 8 2025 Miro Hrončok - 3.1.5-1 - Update to 3.1.5 - Security fix for CVE-2024-56201 - Fixes: rhzb#2333688 - Fixes: rhzb#2336377 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333854 - CVE-2024-56201 jinja2: Jinja has a sandbox breakout through malicious filenames https://bugzilla.redhat.com/show_bug.cgi?id=2333854 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7b6e208ef2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys usedby the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . Patch released for python-jinja2 on Fedora 41 targeting a sandbox escape vulnerability. Upgrade to version 3.1.5 is now accessible.. Fedora Updates, python-jinja2 security, template engine fix, sandbox breakout, security advisory. . LinuxSecurity.com Team

Calendar%202 Jan 12, 2025 Fedora
87

Debian Bookworm DSA-5771-1: Critical Php-Twig Sandbox Bypass Fix

Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed. For the stable distribution (bookworm), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-twig CVE ID : CVE-2024-45411 Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed. For the stable distribution (bookworm), this problem has been fixed in version 3.5.1-1+deb12u1. We recommend that you upgrade your php-twig packages. For the detailed security status of php-twig please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php-twig Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . A critical PHP-Twig vulnerability prior to version 3.3.0 allows sandbox bypass, risking unauthorized data access and remote code execution threats. php-twig security,debian updates,sandbox issue,template engine security. . LinuxSecurity.com Team

Calendar%202 Sep 17, 2024 Debian
87

Debian 11: DSA-5669-1 Moderate: Guix Sandbox Bypass Issue

It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5669-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : guix CVE ID : CVE-2024-27297 It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass. For the oldstable distribution (bullseye), this problem has been fixed in version 1.2.0-4+deb11u2. For the stable distribution (bookworm), this problem has been fixed in version 1.4.0-3+deb12u1. We recommend that you upgrade your guix packages. For the detailed security status of guix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/guix Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Inadequate controls in Guix permit sandbox evasion. Recommended upgrades. Further information is available in Debian Security Notice DSA-5669-1.. Debian Security, Guix Update, Sandbox Protection, Daemon Security, System Upgrade. . LinuxSecurity.com Team

Calendar%202 Apr 22, 2024 Debian
87

Debian 11: DSA-5246-1 Critical: php-twig Sandbox Code Execution

Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5246-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond October 04, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-twig CVE ID : CVE-2022-39261 Debian Bug : 1020991 Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code. For the stable distribution (bullseye), this problem has been fixed in version 2.14.3-1+deb11u2. We recommend that you upgrade your php-twig packages. For the detailed security status of php-twig please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php-twig Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Notice DSA-5247-2 highlights a vulnerability in php-symfony, which may lead to unauthorized access.. php-twig update, Debian security advisory, arbitrary code execution, sandboxing issue. . LinuxSecurity.com Team

Calendar%202 Oct 05, 2022 Debian
203

Mageia 8: MGASA-2022-0097 Moderate: Thunderbird Use-After-Free

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383). . MGASA-2022-0097 - Updated thunderbird packages fix security vulnerabilities Publication date: 11 Mar 2022 URL: https://advisories.mageia.org/MGASA-2022-0097.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387 An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383). If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox (CVE-2022-26384). Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory (CVE-2022-26386). When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Thunderbird would not have noticed (CVE-2022-26387). References: - https://bugs.mageia.org/show_bug.cgi?id=30144 - https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/ - https://www.thunderbird.net/en-US/thunderbird/91.7.0/releasenotes/ - https://www.cve.org/CVERecord?id=CVE-2022-26381 - https://www.cve.org/CVERecord?id=CVE-2022-26383 - https://www.cve.org/CVERecord?id=CVE-2022-26384 -https://www.cve.org/CVERecord?id=CVE-2022-26386 - https://www.cve.org/CVERecord?id=CVE-2022-26387 SRPMS: - 8/core/thunderbird-91.7.0-1.mga8 - 8/core/thunderbird-l10n-91.7.0-1.mga8 . Revised Thunderbird distributions tackle security concerns encompassing use-after-free and sandboxing weaknesses within Mageia.. Thunderbird Update, Mageia Security, Use-After-Free Fix. . LinuxSecurity.com Team

Calendar%202 Mar 11, 2022 Mageia
89

Fedora 35: Advisory 2022-7d871d7583 Moderate: Php-Twig3 Sandbox Risk

**Version 3.3.8** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-7d871d7583 2022-02-13 01:14:18.017042 --------------------------------------------------------------------------------Name : php-twig3 Product : Fedora 35 Version : 3.3.8 Release : 1.fc35 URL : https://twig.symfony.com Summary : The flexible, fast, and secure template engine for PHP Description : The flexible, fast, and secure template engine for PHP. * Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. * Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a template language for applications where users may modify the template design. * Flexible: Twig is powered by a flexible lexer and parser. This allows the developer to define its own custom tags and filters, and create its own DSL. Autoloader: /usr/share/php/Twig3/autoload.php --------------------------------------------------------------------------------Update Information: **Version 3.3.8** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method --------------------------------------------------------------------------------ChangeLog: * Fri Feb 4 2022 Remi Collet - 3.3.8-1 - update to 3.3.8 --------------------------------------------------------------------------------References: [ 1 ] Bug #2051361 - CVE-2022-23614 twig: Disallow non closures in `sort` filter when the sandbox mode is enabled https://bugzilla.redhat.com/show_bug.cgi?id=2051361 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-7d871d7583' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . An upgrade concerning php-twig3 resolves a sandbox vulnerability affecting Fedora 35, introducing significant improvements in both resilience and adaptability.. Fedora php-twig3 security update, PHP sandbox improvements, Twig template engine. . LinuxSecurity.com Team

Calendar%202 Feb 12, 2022 Fedora
89

Fedora 35: 2022-58abb323f0 Moderate: Php-Twig2 Sandbox Issue

**Version 2.14.11** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-58abb323f0 2022-02-13 01:14:18.017032 --------------------------------------------------------------------------------Name : php-twig2 Product : Fedora 35 Version : 2.14.11 Release : 1.fc35 URL : https://twig.symfony.com Summary : The flexible, fast, and secure template engine for PHP Description : The flexible, fast, and secure template engine for PHP. * Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. * Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a template language for applications where users may modify the template design. * Flexible: Twig is powered by a flexible lexer and parser. This allows the developer to define its own custom tags and filters, and create its own DSL. Autoloader: /usr/share/php/Twig2/autoload.php --------------------------------------------------------------------------------Update Information: **Version 2.14.11** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method --------------------------------------------------------------------------------ChangeLog: * Fri Feb 4 2022 Remi Collet - 2.14.11-1 - update to 2.14.11 --------------------------------------------------------------------------------References: [ 1 ] Bug #2051361 - CVE-2022-23614 twig: Disallow non closures in `sort` filter when the sandbox mode is enabled https://bugzilla.redhat.com/show_bug.cgi?id=2051361 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-58abb323f0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Fedora Security Alert: An update for php-twig2 has been released, addressing vulnerabilities related to sandbox functionality and filtering mechanisms.. php-twig2 Security Fix,Fedora Template Engine Update,Sandbox Vulnerability. . LinuxSecurity.com Team

Calendar%202 Feb 12, 2022 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":66.67,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Your message here