Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 183 articles for you...
172

Ubuntu 26.04 LTS NTFS-3G Important Heap Buffer Overflows Vuln USN-8554-1

Several security issues were fixed in NTFS-3G.. ========================================================================== Ubuntu Security Notice USN-8554-1 July 16, 2026 ntfs-3g vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in NTFS-3G. Software Description: - ntfs-3g: read/write NTFS driver for FUSE Details: It was discovered that NTFS-3G had a heap buffer overflow when reading certain NTFS images. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-42616) It was discovered that NTFS-3G had multiple heap buffer overflows when processing certain NTFS images. A local attacker could possibly use these issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135) It was discovered that NTFS-3G had out-of-bounds reads when processing certain NTFS images. A local attacker could possibly use these issues to obtain sensitive information. (CVE-2026-46571, CVE-2026-56136) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libntfs-3g89t64 1:2022.10.3-5ubuntu1.1 ntfs-3g 1:2022.10.3-5ubuntu1.1 Ubuntu 24.04 LTS libntfs-3g89t64 1:2022.10.3-1.2ubuntu3.2 ntfs-3g 1:2022.10.3-1.2ubuntu3.2 Ubuntu 22.04 LTS libntfs-3g89 1:2021.8.22-3ubuntu1.4 ntfs-3g 1:2021.8.22-3ubuntu1.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8554-1 CVE-2026-42616, CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46571, CVE-2026-46572, CVE-2026-56135, CVE-2026-56136 Package Information: https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.10.3-5ubuntu1.1 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.10.3-1.2ubuntu3.2 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2021.8.22-3ubuntu1.4 . Ensure your Ubuntu system is secure by addressing the critical issues in NTFS-3G with the latest updates.. NTFS-3G update, Ubuntu security, buffer overflow, code execution, system security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Important Ubuntu
172

Ubuntu 26.04 LTS libheif Major Denial of Service Vulnerabilities USN-8526-1

Several security issues were fixed in libheif.. ========================================================================== Ubuntu Security Notice USN-8526-1 July 09, 2026 libheif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: Several security issues were fixed in libheif. Software Description: - libheif: An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder Details: Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-47254) Junyi Liu discovered that libheif had a null pointer dereference in its image tiling interface. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-47709) Calvin Young and Enoch Chow discovered that libheif had an integer overflow in its inline mask size calculation. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-47714) Ariel Koren discovered that libheif had an integer underflow in its grid image tile coordinate transform. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-48029) It was discovered that libheif had a missing bound check in its HEIF sequence parser, allowing unbounded heap allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-50142) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS heif-gdk-pixbuf 1.21.2-3ubuntu0.3 heif-thumbnailer 1.21.2-3ubuntu0.3 heif-view 1.21.2-3ubuntu0.3 libheif-dev 1.21.2-3ubuntu0.3 libheif-examples 1.21.2-3ubuntu0.3 libheif-plugin-aomdec 1.21.2-3ubuntu0.3 libheif-plugin-aomenc 1.21.2-3ubuntu0.3 libheif-plugin-dav1d 1.21.2-3ubuntu0.3 libheif-plugin-ffmpegdec 1.21.2-3ubuntu0.3 libheif-plugin-j2kdec 1.21.2-3ubuntu0.3 libheif-plugin-j2kenc 1.21.2-3ubuntu0.3 libheif-plugin-jpegdec 1.21.2-3ubuntu0.3 libheif-plugin-jpegenc 1.21.2-3ubuntu0.3 libheif-plugin-kvazaar 1.21.2-3ubuntu0.3 libheif-plugin-libde265 1.21.2-3ubuntu0.3 libheif-plugin-rav1e 1.21.2-3ubuntu0.3 libheif-plugin-svtenc 1.21.2-3ubuntu0.3 libheif-plugin-x265 1.21.2-3ubuntu0.3 libheif-plugins-all 1.21.2-3ubuntu0.3 libheif1 1.21.2-3ubuntu0.3 Ubuntu 25.10 heif-gdk-pixbuf 1.20.2-1ubuntu0.6 heif-thumbnailer 1.20.2-1ubuntu0.6 heif-view 1.20.2-1ubuntu0.6 libheif-dev 1.20.2-1ubuntu0.6 libheif-examples 1.20.2-1ubuntu0.6 libheif-plugin-aomdec 1.20.2-1ubuntu0.6 libheif-plugin-aomenc 1.20.2-1ubuntu0.6 libheif-plugin-dav1d 1.20.2-1ubuntu0.6 libheif-plugin-ffmpegdec 1.20.2-1ubuntu0.6 libheif-plugin-j2kdec 1.20.2-1ubuntu0.6 libheif-plugin-j2kenc 1.20.2-1ubuntu0.6 libheif-plugin-jpegdec 1.20.2-1ubuntu0.6 libheif-plugin-jpegenc 1.20.2-1ubuntu0.6 libheif-plugin-kvazaar 1.20.2-1ubuntu0.6 libheif-plugin-libde265 1.20.2-1ubuntu0.6 libheif-plugin-rav1e 1.20.2-1ubuntu0.6 libheif-plugin-svtenc 1.20.2-1ubuntu0.6 libheif-plugin-x265 1.20.2-1ubuntu0.6 libheif-plugins-all 1.20.2-1ubuntu0.6 libheif1 1.20.2-1ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8526-1 CVE-2026-47254, CVE-2026-47709, CVE-2026-47714,CVE-2026-48029, CVE-2026-50142 Package Information: https://launchpad.net/ubuntu/+source/libheif/1.21.2-3ubuntu0.3 https://launchpad.net/ubuntu/+source/libheif/1.20.2-1ubuntu0.6 . Several security issues affecting libheif on Ubuntu 26.04 LTS and 25.10 have been addressed. Update recommended.. Ubuntu security update, libheif vulnerabilities, software security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important Ubuntu
172

Ubuntu 26.04 curl Security Advisory USN-8525-1 Critical Risks and Fixes

Several security issues were fixed in curl.. ========================================================================== Ubuntu Security Notice USN-8525-1 July 09, 2026 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2024-11053) Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling responses. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-8096) Joshua Rogers discovered that curl had a use-after-free vulnerability when resetting and cleaning up HTTP/2 stream handles. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2026-10536) Quac Tran and Ngoc Hieu discovered that curl incorrectly reused connections when switching authentication methods to the same host. An attacker could possibly use this issue to obtain sensitive information or perform unauthorized actions. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-5545) Osama Hamad discovered that curl incorrectly reused SMB connections when the target share differed between transfers. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu20.04 LTS. (CVE-2026-5773) Muhamad Arga Reksapati discovered that curl incorrectly forwarded Digest proxy authentication credentials to a different proxy host. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-7168) It was discovered that curl incorrectly skipped SSH host verification options when using schemeless URLs with --proto-default. An attacker could possibly use this issue to perform machine-in-the-middle attacks. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-12064) It was discovered that curl did not enforce an upper bound on memory allocated for unacknowledged WebSocket PING frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11586) It was discovered that curl could stall indefinitely when a malicious HTTP/3 server sent a continuous stream of empty UDP datagrams. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11352) It was discovered that curl could incorrectly continue trusting a native platform CA store after an application switched the handle to use custom CA material. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10. (CVE-2026-11564) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS curl 8.18.0-1ubuntu2.3 libcurl3t64-gnutls 8.18.0-1ubuntu2.3 libcurl4-gnutls-dev 8.18.0-1ubuntu2.3 libcurl4-openssl-dev 8.18.0-1ubuntu2.3 libcurl4t64 8.18.0-1ubuntu2.3 Ubuntu 25.10 curl 8.14.1-2ubuntu1.5 libcurl3t64-gnutls 8.14.1-2ubuntu1.5 libcurl4-gnutls-dev 8.14.1-2ubuntu1.5 libcurl4-openssl-dev 8.14.1-2ubuntu1.5 libcurl4t64 8.14.1-2ubuntu1.5 Ubuntu 24.04 LTS curl 8.5.0-2ubuntu10.11 libcurl3t64-gnutls 8.5.0-2ubuntu10.11 libcurl4-gnutls-dev 8.5.0-2ubuntu10.11 libcurl4-openssl-dev 8.5.0-2ubuntu10.11 libcurl4t64 8.5.0-2ubuntu10.11 Ubuntu 20.04 LTS curl 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl3-gnutls 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl3-nss 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-gnutls-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-nss-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-openssl-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS curl 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl3-gnutls 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl3-nss 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-gnutls-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-nss-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-openssl-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro Ubuntu 16.04 LTS curl 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3-gnutls 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3-nss 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-gnutls-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-nss-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-openssl-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro Ubuntu 14.04 LTS curl 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3-gnutls 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3-nss 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-gnutls-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-nss-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-openssl-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8525-1 CVE-2024-11053, CVE-2024-8096, CVE-2026-10536, CVE-2026-11352, CVE-2026-11564, CVE-2026-11586, CVE-2026-12064, CVE-2026-5545, CVE-2026-5773, CVE-2026-7168 Package Information: https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.5 https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.11 . Multiple security issues resolved in curl for various Ubuntu versions addressing sensitive information exposure and denial of service.. Ubuntu Security, curl Update, HTTP Client Issues, Open Source Vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important Ubuntu
87

Debian Tomcat11 Moderate DDoS Bypass Sensitive Info Vuln DSA-6329-1

Multiple security vulnerabilities have been discovered in Tomcat 11, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6329-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat11 CVE ID : CVE-2026-24734 CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34487 CVE-2026-34500 CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 Multiple security vulnerabilities have been discovered in Tomcat 11, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing web applications. We recommend to consult the Tomcat 11 documentation for further information. For the stable distribution (trixie), these problems have been fixed in version 11.0.22-1~deb13u1. We recommend that you upgrade your tomcat11 packages. For the detailed security status of tomcat11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be foundat: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical updates for Tomcat 11 address multiple security issues, including DDoS risks and authentication flaws. Upgrade recommended.. Tomcat 11 Security, Debian Updates, Java Security Patches, DDoS Risks, Authentication Bypass. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 moderate Debian
87

Debian Tomcat10 Critical Denial Of Service Auth Bypass Vuln DSA-6328-1

Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6328-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat10 CVE ID : CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34487 CVE-2026-34500 CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing web applications. We recommend to consult the Tomcat 10 documentation for further information. For the oldstable distribution (bookworm), these problems have been fixed in version 10.1.55-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 10.1.55-1~deb13u1. We recommend that you upgrade your tomcat10 packages. For the detailed security status of tomcat10 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat10 Further information about Debian Security Advisories, how toapply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Tomcat 10 vulnerabilities might cause DoS, authentication bypass, or sensitive info disclosures. Update recommended.. Tomcat 10 vulnerabilities, Debian security, denial of service, authentication bypass, sensitive data. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Critical Debian
87

Debian Tomcat10 Important Security Denial of Service Auth Bypass DSA-6328-1

Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6328-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Markus Koschany June 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat10 CVE ID : CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34487 CVE-2026-34500 CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing web applications. We recommend to consult the Tomcat 10 documentation for further information. For the oldstable distribution (bookworm), these problems have been fixed in version 10.1.55-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 10.1.55-1~deb13u1. We recommend that you upgrade your tomcat10 packages. For the detailed security status of tomcat10 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat10 Further information about Debian Security Advisories, how toapply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple vulnerabilities found in Tomcat 10 may lead to denial of service and sensitive information disclosure. Update recommended.. Tomcat 10 Security, Debian Advisory, Denial of Service, Authentication Bypass, Sensitive Information. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important Debian
197

Debian Tomcat9 Critical Auth Bypass DoS Advisory DLA-4619-1

Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4619-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany June 07, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tomcat9 Version : 9.0.118-0+deb11u1 CVE ID : CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34487 CVE-2026-34500 CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required as well. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing web applications. We recommend to consult the Tomcat 9 documentation for further information. For Debian 11 bullseye, these problems have been fixed in version 9.0.118-0+deb11u1. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker pageat: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Discover vulnerabilities in Tomcat 9 and recommended updates to safeguard against denial of service and authentication bypass.. Tomcat 9 security update, Debian LTS vulnerabilities, denial of service, authentication bypass. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 07, 2026 Critical Debian LTS
197

Debian LTS DLA-4619-1 Tomcat9 Security Advisory for Multiple Risks

Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4619-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany June 07, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tomcat9 Version : 9.0.118-0+deb11u1 CVE ID : CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34487 CVE-2026-34500 CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required as well. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing web applications. We recommend to consult the Tomcat 9 documentation for further information. For Debian 11 bullseye, these problems have been fixed in version 9.0.118-0+deb11u1. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker pageat: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in Tomcat 9 require urgent updates in Debian LTS to prevent information leaks and service disruptions.. Tomcat update, Debian security, Java web server, authentication risk, denial of service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 06, 2026 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200