Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebianattack

Debian 8 Security Update: DLA-1942-1 Addresses phpBB3 CSRF Token Flaw

In phpBB, includes/acp/acp_bbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve . Package : phpbb3 Version : 3.0.12-5+deb8u4 CVE ID : CVE-2019-16993 In phpBB, includes/acp/acp_bbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them. The description in this DLA does not match what has been documented in the changelog.Debian.gz of this package version. After the upload of phpbb3 3.0.12-5+deb8u4, it became evident that CVE-2019-13776 has not yet been fixed. The correct fix for CVE-2019-13776 has been identified and will be shipped in a soon-to-come follow-up security release of phpbb3. For Debian 8 "Jessie", these problems have been fixed in version 3.0.12-5+deb8u4. We recommend that you upgrade your phpbb3 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: This email address is being protected from spambots. You need JavaScript enabled to view it., https://sunweavers.net/ . In phpBB, inadequate validation of CSRF tokens can lead to vulnerabilities; it's crucial to update your packages to enhance security.. phpbb, security update, CSRF token, Debian LTS, session management. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 30, 2019 Critical Debian LTS
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryupdatecritical

Fedora 21: 2015-8788 Critical Advisory for pcs Session Security

Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-8788 2015-05-25 20:39:54 -------------------------------------------------------------------------------- Name : pcs Product : Fedora 21 Version : 0.9.137 Release : 4.fc21 URL : https://github.com/ClusterLabs/pcs Summary : Pacemaker Configuration System Description : pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters. -------------------------------------------------------------------------------- Update Information: Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed) -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Tomas Jelinek - 0.9.137-4 - Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed) * Fri Mar 27 2015 Tomas Jelinek - 0.9.137-3 - Fixed postinstall, preuninstall and postuinstall scripts (rhbz#1096224) * Wed Dec 17 2014 Chris Feist - 0.9.137-2 - Bind to 0.0.0.0 instead of ipv6 address by default * Tue Dec 16 2014 Chris Feist - 0.9.137-1 - Re-synced to upstream sources -------------------------------------------------------------------------------- References: [ 1 ] Bug #1208294 - CVE-2015-1848 CVE-2015-3983 pcs: improper web session variable signing https://bugzilla.redhat.com/show_bug.cgi?id=1208294 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update pcs' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Fedora 21's security update addresses session signing vulnerabilities, bolstering defenses against unauthorized access to sensitive information and user sessions. Fedora 21 Update, pcs Security Fix, Critical Session Issue, Linux Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 04, 2015 Critical Fedora
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hatimportant

Red Hat RHSA-2009:1164 Important: Tomcat Session Hijack and DoS Issues

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: tomcat security update Advisory ID: RHSA-2009:1164-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:1164.html Issue date: 2009-07-21 Keywords: Security CVE Names: CVE-2007-5333 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 ==================================================================== 1. Summary: Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333) Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: with this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, addthe following entry to the "/etc/tomcat5/catalina.properties" file: org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackersto enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) A cross-site scripting (XSS) flaw was found in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-0781) It was discovered that web applications containing their own XML parserscould replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 427766 - CVE-2007-5333 Improve cookie parsing for tomcat5 489028 - CVE-2009-0781tomcat: XSS in Apache Tomcat calendar application 493381 - CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection 503978 - CVE-2009-0580 tomcat6 Information disclosure in authentication classes 504153 - CVE-2009-0783 tomcat XML parser information disclosure 504753 - CVE-2008-5515 tomcat request dispatcher information disclosure vulnerability 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.i386.rpm x86_64: tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: tomcat5-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm x86_64: tomcat5-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: tomcat5-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.i386.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.i386.rpm ia64: tomcat5-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ia64.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ia64.rpm ppc: tomcat5-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-5.5.23-0jpp.7.el5_3.2.ppc64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.ppc64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.ppc.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.ppc.rpm s390x: tomcat5-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.s390x.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.s390x.rpm x86_64: tomcat5-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.cve.org/CVERecord?id=CVE-2007-5333 https://www.cve.org/CVERecord?id=CVE-2008-5515 https://www.cve.org/CVERecord?id=CVE-2009-0033 https://www.cve.org/CVERecord?id=CVE-2009-0580 https://www.cve.org/CVERecord?id=CVE-2009-0781 https://www.cve.org/CVERecord?id=CVE-2009-0783 https://tomcat.apache.org/security-5.html https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFKZmwkXlSAg2UNWIIRAuiZAKCl0RGKySFNZXzn2yP++DUeo8UV/wCfc/yd gciYRj4h4oJ7znufBR/BjDk=wR3r -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical announcement regarding Apache Tomcat on Red Hat: multiple vulnerabilities addressed. Update now for protection.. Apache Tomcat Security, Red Hat Security Update, Linux Enterprise Security. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 22, 2009 Important Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here