Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
172
security advisoryremote attackUbuntuFedora 39 37 35 33 31 Umbra Key Updates Access USN-9201-3
Undertow would allow unintended access to user sessions over the network.. ========================================================================== Ubuntu Security Notice USN-8144-1 April 02, 2026 undertow vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Undertow would allow unintended access to user sessions over the network. Software Description: - undertow: Java web server based on non-blocking IO Details: It was discovered that Undertow incorrectly validated the Host header in incoming HTTP requests. A remote attacker could possibly use this issue to gain unintended access to user sessions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libundertow-java 2.3.8-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libundertow-java 2.2.16-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libundertow-java 2.0.29-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libundertow-java 1.4.23-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libundertow-java 1.3.16-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8144-1 CVE-2025-12543 . Undertow in Ubuntu allows unintended session access over the network, requiring immediate updates to mitigate risk.. Undertow Security, Ubuntu Security Notice, Remote Access Issue, User Session Vulnerability. . Severity: Important. LinuxSecurity.com Team
Apr 02, 2026
•Important
Ubuntu
98
security advisoryRed Hatkernel updateKernel Security Update for Red Hat Enterprise Linux 8.1 RHSA-2021:1171-01
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:1171-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1171 Issue date: 2021-04-13 CVE Names: CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932201) * RHEL8.1 Alpha -ISST-LTE:PNV:Witherspoon-DD2.3:woo: KDUMP hang during shutdown, lpfc loses connection to disks (rootdisk:nvme) (BZ#1934306) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.1): Source: kernel-4.18.0-147.44.1.el8_1.src.rpm aarch64: bpftool-4.18.0-147.44.1.el8_1.aarch64.rpm bpftool-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-core-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-cross-headers-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-core-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-devel-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-modules-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-modules-extra-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-devel-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-headers-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-modules-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-modules-extra-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-tools-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-tools-libs-4.18.0-147.44.1.el8_1.aarch64.rpm perf-4.18.0-147.44.1.el8_1.aarch64.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm python3-perf-4.18.0-147.44.1.el8_1.aarch64.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-147.44.1.el8_1.noarch.rpm kernel-doc-4.18.0-147.44.1.el8_1.noarch.rpm ppc64le: bpftool-4.18.0-147.44.1.el8_1.ppc64le.rpm bpftool-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-core-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-cross-headers-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-core-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-devel-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-modules-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-modules-extra-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-devel-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-headers-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-modules-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-modules-extra-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-tools-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-tools-libs-4.18.0-147.44.1.el8_1.ppc64le.rpm perf-4.18.0-147.44.1.el8_1.ppc64le.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm python3-perf-4.18.0-147.44.1.el8_1.ppc64le.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm s390x: bpftool-4.18.0-147.44.1.el8_1.s390x.rpm bpftool-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm kernel-4.18.0-147.44.1.el8_1.s390x.rpm kernel-core-4.18.0-147.44.1.el8_1.s390x.rpm kernel-cross-headers-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debug-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debug-core-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debug-devel-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debug-modules-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debug-modules-extra-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-147.44.1.el8_1.s390x.rpm kernel-devel-4.18.0-147.44.1.el8_1.s390x.rpm kernel-headers-4.18.0-147.44.1.el8_1.s390x.rpm kernel-modules-4.18.0-147.44.1.el8_1.s390x.rpm kernel-modules-extra-4.18.0-147.44.1.el8_1.s390x.rpm kernel-tools-4.18.0-147.44.1.el8_1.s390x.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm kernel-zfcpdump-4.18.0-147.44.1.el8_1.s390x.rpm kernel-zfcpdump-core-4.18.0-147.44.1.el8_1.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm kernel-zfcpdump-devel-4.18.0-147.44.1.el8_1.s390x.rpm kernel-zfcpdump-modules-4.18.0-147.44.1.el8_1.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-147.44.1.el8_1.s390x.rpm perf-4.18.0-147.44.1.el8_1.s390x.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm python3-perf-4.18.0-147.44.1.el8_1.s390x.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.s390x.rpm x86_64: bpftool-4.18.0-147.44.1.el8_1.x86_64.rpm bpftool-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-core-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-cross-headers-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-core-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-devel-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-modules-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-modules-extra-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-devel-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-headers-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-modules-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-modules-extra-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-tools-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-tools-libs-4.18.0-147.44.1.el8_1.x86_64.rpm perf-4.18.0-147.44.1.el8_1.x86_64.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm python3-perf-4.18.0-147.44.1.el8_1.x86_64.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v.8.1): aarch64: bpftool-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm kernel-tools-libs-devel-4.18.0-147.44.1.el8_1.aarch64.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm kernel-tools-libs-devel-4.18.0-147.44.1.el8_1.ppc64le.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debug-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-tools-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm kernel-tools-libs-devel-4.18.0-147.44.1.el8_1.x86_64.rpm perf-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm python3-perf-debuginfo-4.18.0-147.44.1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYHV2etzjgjWX9erEAQgxrw/+NWqL6Px+QMd7FFzhI9CmYfGNWrgMJybx WvUS7pJsAc542wlKR/wENb8Pt+8DzOS+DEnmDDXby5Gtzq/f3KWPjXvl0ExYaziM knZs+mU+xrhpobnZxAvIITmxAzWrqxOgpG97MfplHr9zSMFH5/wO01nekBWVfdp6 J8Ie6Xpbe+9T6sQHp4QZqrUoPWpWKxDrhFU/v/bUc8YhBLCC0iIc/79K3TcBUt7f 1s5bbDxxkkNI8XJJonQoWeAfBVcMTOo9wVxpZjwfaK31YGTOkleEjttit9BE7M9f gHRqXfdRU+4BC97hWHQBP97a526CeECYt17oOsa5vV/pZFDxf6Npmcfj1oPuTgDq ru5M7/TQlr3TTNbnkLT8H7Jr/r6pfpVC2kKnr5AQs9A/zkTXKugH4H9Qvxvn4vSD iQVJoKTGmrEwZGdSQczpJMZN19BVW/fHRje9OqFm0e8UNIdoLNMeFw76xG93pK8P ZNAb+hyfWNkdV5u5cgcn+qc3EmXXBS8cSODDsKWPbCUJEz4EA0YzZXVGx8O3wlXe 7u/Aw/P69wjkzl2sRxKTGumSx/18ev2vnBitMJ2GV3J59wiBGMfBuCCaOxiazOqx SbPFAjjhRPIeUI0Pem8GIF/m6s41cYdQdo6NPaoSOF+PR4SOgro+Kq0GX7fTdD12 ptTTlq+xdDE=BoJl -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 13, 2021
•Important
Red Hat
172
security advisoryaccess issuemoderate severityUbuntu 12.10 USN-1716-1 Moderate: Gnome-Screensaver Access Problem
gnome-screensaver would allow unintended access to the user session.. =========================================================================Ubuntu Security Notice USN-1716-1 February 12, 2013 gnome-screensaver vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 Summary: gnome-screensaver would allow unintended access to the user session. Software Description: - gnome-screensaver: GNOME screen saver and locker Details: It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: gnome-screensaver 3.6.0-0ubuntu2.1 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1716-1 CVE-2013-1050 Package Information: https://launchpad.net/ubuntu/+source/gnome-screensaver/3.6.0-0ubuntu2.1 . Mitigating gnome-screensaver flaw in Ubuntu impacting user login. Apply the latest security patch to protect your device.. gnome-screensaver vulnerability, session access control, ubuntu security. . LinuxSecurity.com Team
Feb 12, 2013
Ubuntu
91
security advisorygentookdelibsGentoo: GLSA 200408-23 Low: kdelibs Cross-Domain Cookie Access
The cookie manager component in kdelibs contains a vulnerability allowing an attacker to potentially gain access to a user's session on a legitimate web server. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200408-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: kdelibs: Cross-domain cookie injection vulnerability Date: August 24, 2004 Bugs: #61389 ID: 200408-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The cookie manager component in kdelibs contains a vulnerability allowing an attacker to potentially gain access to a user's session on a legitimate web server. Background ========= KDE is a widely-used desktop environment based on the Qt toolkit. kcookiejar in kdelibs is responsible for storing and managing HTTP cookies. Konqueror uses kcookiejar for storing and managing cookies. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-base/kdelibs = 3.2.3-r2 Description ========== kcookiejar contains a vulnerability which may allow a malicious website to set cookies for other websites under the same second-level domain. This vulnerability applies to country-specific secondary top level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu or int. However, certain popular domains, such as co.uk, are not affected. Impact ===== Users visiting a malicious website using the Konqueror browser may have a session cookie set for them by that site.Later, when the user visits another website under the same domain, the attacker's session cookie will be used instead of the cookie issued by the legitimate site. Depending on the design of the legitimate site, this may allow an attacker to gain access to the user's session. For further explanation on this type of attack, see the paper titled "Session Fixation Vulnerability in Web-based Applications" (reference 2). Workaround ========= There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of kdelibs. Resolution ========= All kdelibs users should upgrade to the latest version: # emerge sync # emerge -pv "> =kde-base/kdelibs-3.2.3-r2" # emerge "> =kde-base/kdelibs-3.2.3-r2" References ========= [ 1 ] KDE Advisory https://kde.org/info/security/advisory-20040823-1.txt [ 2 ] Session Fixation Vulnerability in Web-based Applications https://acrossecurity.com/papers/session_fixation.pdf Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200408-23 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Aug 24, 2004
•Low
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!