Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories

We found 18 articles for you...

SUSE: pgadmin4 Important SSRF Session Hijack Memory Exhaustion 2025:01326-1

# Security update for pgadmin4

Announcement ID: SUSE-SU-2025:01326-1
Release Date: 2025-08-14T13:03:14Z
Rating: important
References:
* bsc#1224295
* bsc#1234840
* bsc#1239308
Cross-References:
* CVE-2023-1907
* CVE-2024-4068
* CVE-2025-27152
CVSS scores:
* CVE-2023-1907 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-1907 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-1907 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2023-1907 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-4068 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-4068 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27152 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27152 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-27152 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for pgadmin4 fixes the following issues:

* CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to an absolute URL even when baseURL is set (bsc#1239308)
* CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via LDAP (bsc#1234840)
* CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-1326=1

## Package List:

* Python 3 Module 15-SP6 (noarch)
  * pgadmin4-doc-4.30-150300.3.18.1
  * pgadmin4-web-4.30-150300.3.18.1
* Python 3 Module 15-SP6 (s390x)
  * pgadmin4-4.30-150300.3.18.1
  * pgadmin4-debuginfo-4.30-150300.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1907.html
* https://www.suse.com/security/cve/CVE-2024-4068.html
* https://www.suse.com/security/cve/CVE-2025-27152.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224295
* https://bugzilla.suse.com/show_bug.cgi?id=1234840
* https://bugzilla.suse.com/show_bug.cgi?id=1239308

Resolves critical vulnerabilities in pgadmin4, addressing SSRF and session authentication weaknesses. Keep informed about security enhancements. Severity: Important. LinuxSecurity.com Team

Aug 14, 2025 | Important | SUSE

Debian 9: DLA-2661-1 Moderate: Jetty9 Credential Exposure Risk

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2661-1
https://www.debian.org/lts/security/                      Sylvain Beucler
May 14, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jetty9
Version        : 9.2.30-0+deb9u1
CVE ID         : CVE-2017-9735 CVE-2018-12536 CVE-2019-10241 CVE-2019-10247 CVE-2020-27216
Debian Bug     : 864898 902774 928444

Several vulnerabilities were discovered in jetty, a Java servlet engine and webserver. An attacker may reveal cryptographic credentials such as passwords to a local user, disclose installation paths, hijack user sessions or tamper with collocated webapps.

CVE-2017-9735

    Jetty is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

CVE-2018-12536

    On webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.

CVE-2019-10241

    The server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

CVE-2019-10247

    The server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error; it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.

CVE-2020-27216

    On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

This update also includes several other bug fixes and improvements. For more information please refer to the upstream changelog file.

For Debian 9 stretch, these problems have been fixed in version 9.2.30-0+deb9u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

A new patch for jetty9 resolves several vulnerabilities that could permit malicious actors to reveal sensitive information and manipulate user sessions. LinuxSecurity.com Team

May 14, 2021 | Debian LTS

Mageia 7: 2021-0016 Moderate: XRDP Denial Of Service Risk

MGASA-2021-0016 - Updated xrdp packages fix security vulnerability

Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0016.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-4044

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions (CVE-2020-4044).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26931
- https://lists.debian.org/debian-security-announce/2020/msg00143.html
- https://lists.fedoraproject.org/archives/list/.../thread/7FYD6USHZXDI2EAZVGOVFMAE7ILP3SPL/
- https://www.cve.org/CVERecord?id=CVE-2020-4044

SRPMS:
- 7/core/xrdp-0.9.10-1.1.mga7

LinuxSecurity.com Team

Jan 10, 2021 | Mageia

Fedora 31: rubygem-rack Update FEDORA-2020-57fc0d0156 Critical Session Risk

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-57fc0d0156
2020-01-18 20:53:18.652494
--------------------------------------------------------------------------------

Name        : rubygem-rack
Product     : Fedora 31
Version     : 2.0.8
Release     : 1.fc31
URL         : https://rack.github.io/
Summary     : A modular Ruby webserver interface
Description :
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
--------------------------------------------------------------------------------
Update Information:

Update to Rack 2.0.8.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 9 2020 Gerd Pokorra - 1:2.0.8-1
- Update to Rack 2.0.8.
- Change the source URL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1789101 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1789101
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-57fc0d0156' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/.../

A new rubygem-rack version 2.0.8 has been released to fix session hijacking vulnerabilities. Users are urged to update for enhanced session protection. Severity: Critical. LinuxSecurity.com Team

Jan 18, 2020 | Critical | Fedora

Debian LTS: DLA-1942-2 Moderate: phpBB3 CSRF Token Issue

This is a follow-up to DLA-1942-1. There was some confusion about the correct fix for CVE-2019-13776. The correct announcement for this DLA should have been:

Package        : phpbb3
Version        : 3.0.12-5+deb8u4
CVE ID         : CVE-2019-13776 CVE-2019-16993

CVE-2019-16993

    In phpBB, includes/acp/acp_bbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting them.

CVE-2019-13776

    phpBB allowed the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF token hijacking led to stored XSS.

For Debian 8 "Jessie", these problems have been fixed in version 3.0.12-5+deb8u4.

We recommend that you upgrade your phpbb3 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The phpBB CSRF token vulnerability threatens Debian LTS systems. Prompt updates are essential for security and robust token handling for users and admins. Severity: Important. LinuxSecurity.com Team

Oct 07, 2019 | Important | Debian LTS

Scientific Linux SL7 x86_64 SLSA-2017-1865-1 Moderate: X.org Buffer Issue

Synopsis: Moderate: X.org X11 libraries security, bug fix and
Advisory ID: SLSA-2017:1865-1
Issue Date: 2017-08-01
CVE Numbers: CVE-2016-10164
             CVE-2017-2625
             CVE-2017-2626
--

The following packages have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13), libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm (3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst (1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74), libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1), libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1), mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20), xorg-x11-proto-devel (7.7).

Security Fix(es):

* An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file. (CVE-2016-10164)

* It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. (CVE-2017-2625)

* It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. (CVE-2017-2626)
--

SL7
  x86_64
    libICE-1.0.9-9.el7.i686.rpm
    libICE-1.0.9-9.el7.x86_64.rpm
    libICE-debuginfo-1.0.9-9.el7.i686.rpm
    libICE-debuginfo-1.0.9-9.el7.x86_64.rpm
    libX11-1.6.5-1.el7.i686.rpm
    libX11-1.6.5-1.el7.x86_64.rpm
    libX11-debuginfo-1.6.5-1.el7.i686.rpm
    libX11-debuginfo-1.6.5-1.el7.x86_64.rpm
    libXaw-1.0.13-4.el7.i686.rpm
    libXaw-1.0.13-4.el7.x86_64.rpm
    libXaw-debuginfo-1.0.13-4.el7.i686.rpm
    libXaw-debuginfo-1.0.13-4.el7.x86_64.rpm
    libXcursor-1.1.14-8.el7.i686.rpm
    libXcursor-1.1.14-8.el7.x86_64.rpm
    libXcursor-debuginfo-1.1.14-8.el7.i686.rpm
    libXcursor-debuginfo-1.1.14-8.el7.x86_64.rpm
    libXdmcp-1.1.2-6.el7.i686.rpm
    libXdmcp-1.1.2-6.el7.x86_64.rpm
    libXdmcp-debuginfo-1.1.2-6.el7.i686.rpm
    libXdmcp-debuginfo-1.1.2-6.el7.x86_64.rpm
    libXfixes-5.0.3-1.el7.i686.rpm
    libXfixes-5.0.3-1.el7.x86_64.rpm
    libXfixes-debuginfo-5.0.3-1.el7.i686.rpm
    libXfixes-debuginfo-5.0.3-1.el7.x86_64.rpm
    libXfont-1.5.2-1.el7.i686.rpm
    libXfont-1.5.2-1.el7.x86_64.rpm
    libXfont-debuginfo-1.5.2-1.el7.i686.rpm
    libXfont-debuginfo-1.5.2-1.el7.x86_64.rpm
    libXfont2-2.0.1-2.el7.i686.rpm
    libXfont2-2.0.1-2.el7.x86_64.rpm
    libXfont2-debuginfo-2.0.1-2.el7.i686.rpm
    libXfont2-debuginfo-2.0.1-2.el7.x86_64.rpm
    libXi-1.7.9-1.el7.i686.rpm
    libXi-1.7.9-1.el7.x86_64.rpm
    libXi-debuginfo-1.7.9-1.el7.i686.rpm
    libXi-debuginfo-1.7.9-1.el7.x86_64.rpm
    libXpm-3.5.12-1.el7.i686.rpm
    libXpm-3.5.12-1.el7.x86_64.rpm
    libXpm-debuginfo-3.5.12-1.el7.i686.rpm
    libXpm-debuginfo-3.5.12-1.el7.x86_64.rpm
    libXrandr-1.5.1-2.el7.i686.rpm
    libXrandr-1.5.1-2.el7.x86_64.rpm
    libXrandr-debuginfo-1.5.1-2.el7.i686.rpm
    libXrandr-debuginfo-1.5.1-2.el7.x86_64.rpm
    libXrender-0.9.10-1.el7.i686.rpm
    libXrender-0.9.10-1.el7.x86_64.rpm
    libXrender-debuginfo-0.9.10-1.el7.i686.rpm
    libXrender-debuginfo-0.9.10-1.el7.x86_64.rpm
    libXt-1.1.5-3.el7.i686.rpm
    libXt-1.1.5-3.el7.x86_64.rpm
    libXt-debuginfo-1.1.5-3.el7.i686.rpm
    libXt-debuginfo-1.1.5-3.el7.x86_64.rpm
    libXtst-1.2.3-1.el7.i686.rpm
    libXtst-1.2.3-1.el7.x86_64.rpm
    libXtst-debuginfo-1.2.3-1.el7.i686.rpm
    libXtst-debuginfo-1.2.3-1.el7.x86_64.rpm
    libXv-1.0.11-1.el7.i686.rpm
    libXv-1.0.11-1.el7.x86_64.rpm
    libXv-debuginfo-1.0.11-1.el7.i686.rpm
    libXv-debuginfo-1.0.11-1.el7.x86_64.rpm
    libXvMC-1.0.10-1.el7.i686.rpm
    libXvMC-1.0.10-1.el7.x86_64.rpm
    libXvMC-debuginfo-1.0.10-1.el7.i686.rpm
    libXvMC-debuginfo-1.0.10-1.el7.x86_64.rpm
    libXxf86vm-1.1.4-1.el7.i686.rpm
    libXxf86vm-1.1.4-1.el7.x86_64.rpm
    libXxf86vm-debuginfo-1.1.4-1.el7.i686.rpm
    libXxf86vm-debuginfo-1.1.4-1.el7.x86_64.rpm
    libdrm-2.4.74-1.el7.i686.rpm
    libdrm-2.4.74-1.el7.x86_64.rpm
    libdrm-debuginfo-2.4.74-1.el7.i686.rpm
    libdrm-debuginfo-2.4.74-1.el7.x86_64.rpm
    libepoxy-1.3.1-1.el7.i686.rpm
    libepoxy-1.3.1-1.el7.x86_64.rpm
    libepoxy-debuginfo-1.3.1-1.el7.i686.rpm
    libepoxy-debuginfo-1.3.1-1.el7.x86_64.rpm
    libevdev-1.5.6-1.el7.i686.rpm
    libevdev-1.5.6-1.el7.x86_64.rpm
    libevdev-debuginfo-1.5.6-1.el7.i686.rpm
    libevdev-debuginfo-1.5.6-1.el7.x86_64.rpm
    libfontenc-1.1.3-3.el7.i686.rpm
    libfontenc-1.1.3-3.el7.x86_64.rpm
    libfontenc-debuginfo-1.1.3-3.el7.i686.rpm
    libfontenc-debuginfo-1.1.3-3.el7.x86_64.rpm
    libinput-1.6.3-2.el7.i686.rpm
    libinput-1.6.3-2.el7.x86_64.rpm
    libinput-debuginfo-1.6.3-2.el7.i686.rpm
    libinput-debuginfo-1.6.3-2.el7.x86_64.rpm
    libvdpau-1.1.1-3.el7.i686.rpm
    libvdpau-1.1.1-3.el7.x86_64.rpm
    libvdpau-debuginfo-1.1.1-3.el7.i686.rpm
    libvdpau-debuginfo-1.1.1-3.el7.x86_64.rpm
    libwacom-0.24-1.el7.i686.rpm
    libwacom-0.24-1.el7.x86_64.rpm
    libwacom-debuginfo-0.24-1.el7.i686.rpm
    libwacom-debuginfo-0.24-1.el7.x86_64.rpm
    libxcb-1.12-1.el7.i686.rpm
    libxcb-1.12-1.el7.x86_64.rpm
    libxcb-debuginfo-1.12-1.el7.i686.rpm
    libxcb-debuginfo-1.12-1.el7.x86_64.rpm
    libxkbcommon-0.7.1-1.el7.i686.rpm
    libxkbcommon-0.7.1-1.el7.x86_64.rpm
    libxkbcommon-debuginfo-0.7.1-1.el7.i686.rpm
    libxkbcommon-debuginfo-0.7.1-1.el7.x86_64.rpm
    libxkbcommon-x11-0.7.1-1.el7.i686.rpm
    libxkbcommon-x11-0.7.1-1.el7.x86_64.rpm
    libxkbfile-1.0.9-3.el7.i686.rpm
    libxkbfile-1.0.9-3.el7.x86_64.rpm
    libxkbfile-debuginfo-1.0.9-3.el7.i686.rpm
    libxkbfile-debuginfo-1.0.9-3.el7.x86_64.rpm
    mesa-debuginfo-17.0.1-6.20170307.el7.i686.rpm
    mesa-debuginfo-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-dri-drivers-17.0.1-6.20170307.el7.i686.rpm
    mesa-dri-drivers-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-filesystem-17.0.1-6.20170307.el7.i686.rpm
    mesa-filesystem-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libEGL-17.0.1-6.20170307.el7.i686.rpm
    mesa-libEGL-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGL-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGL-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGLES-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGLES-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libgbm-17.0.1-6.20170307.el7.i686.rpm
    mesa-libgbm-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libglapi-17.0.1-6.20170307.el7.i686.rpm
    mesa-libglapi-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libxatracker-17.0.1-6.20170307.el7.i686.rpm
    mesa-libxatracker-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-private-llvm-3.9.1-3.el7.i686.rpm
    mesa-private-llvm-3.9.1-3.el7.x86_64.rpm
    mesa-private-llvm-debuginfo-3.9.1-3.el7.i686.rpm
    mesa-private-llvm-debuginfo-3.9.1-3.el7.x86_64.rpm
    drm-utils-2.4.74-1.el7.x86_64.rpm
    libICE-devel-1.0.9-9.el7.i686.rpm
    libICE-devel-1.0.9-9.el7.x86_64.rpm
    libX11-devel-1.6.5-1.el7.i686.rpm
    libX11-devel-1.6.5-1.el7.x86_64.rpm
    libXaw-devel-1.0.13-4.el7.i686.rpm
    libXaw-devel-1.0.13-4.el7.x86_64.rpm
    libXcursor-devel-1.1.14-8.el7.i686.rpm
    libXcursor-devel-1.1.14-8.el7.x86_64.rpm
    libXdmcp-devel-1.1.2-6.el7.i686.rpm
    libXdmcp-devel-1.1.2-6.el7.x86_64.rpm
    libXfixes-devel-5.0.3-1.el7.i686.rpm
    libXfixes-devel-5.0.3-1.el7.x86_64.rpm
    libXfont-devel-1.5.2-1.el7.i686.rpm
    libXfont-devel-1.5.2-1.el7.x86_64.rpm
    libXfont2-devel-2.0.1-2.el7.i686.rpm
    libXfont2-devel-2.0.1-2.el7.x86_64.rpm
    libXi-devel-1.7.9-1.el7.i686.rpm
    libXi-devel-1.7.9-1.el7.x86_64.rpm
    libXpm-devel-3.5.12-1.el7.i686.rpm
    libXpm-devel-3.5.12-1.el7.x86_64.rpm
    libXrandr-devel-1.5.1-2.el7.i686.rpm
    libXrandr-devel-1.5.1-2.el7.x86_64.rpm
    libXrender-devel-0.9.10-1.el7.i686.rpm
    libXrender-devel-0.9.10-1.el7.x86_64.rpm
    libXt-devel-1.1.5-3.el7.i686.rpm
    libXt-devel-1.1.5-3.el7.x86_64.rpm
    libXtst-devel-1.2.3-1.el7.i686.rpm
    libXtst-devel-1.2.3-1.el7.x86_64.rpm
    libXv-devel-1.0.11-1.el7.i686.rpm
    libXv-devel-1.0.11-1.el7.x86_64.rpm
    libXvMC-devel-1.0.10-1.el7.i686.rpm
    libXvMC-devel-1.0.10-1.el7.x86_64.rpm
    libXxf86vm-devel-1.1.4-1.el7.i686.rpm
    libXxf86vm-devel-1.1.4-1.el7.x86_64.rpm
    libdrm-devel-2.4.74-1.el7.i686.rpm
    libdrm-devel-2.4.74-1.el7.x86_64.rpm
    libepoxy-devel-1.3.1-1.el7.i686.rpm
    libepoxy-devel-1.3.1-1.el7.x86_64.rpm
    libevdev-devel-1.5.6-1.el7.i686.rpm
    libevdev-devel-1.5.6-1.el7.x86_64.rpm
    libevdev-utils-1.5.6-1.el7.x86_64.rpm
    libfontenc-devel-1.1.3-3.el7.i686.rpm
    libfontenc-devel-1.1.3-3.el7.x86_64.rpm
    libinput-devel-1.6.3-2.el7.i686.rpm
    libinput-devel-1.6.3-2.el7.x86_64.rpm
    libvdpau-devel-1.1.1-3.el7.i686.rpm
    libvdpau-devel-1.1.1-3.el7.x86_64.rpm
    libwacom-devel-0.24-1.el7.i686.rpm
    libwacom-devel-0.24-1.el7.x86_64.rpm
    libxcb-devel-1.12-1.el7.i686.rpm
    libxcb-devel-1.12-1.el7.x86_64.rpm
    libxkbcommon-devel-0.7.1-1.el7.i686.rpm
    libxkbcommon-devel-0.7.1-1.el7.x86_64.rpm
    libxkbcommon-x11-devel-0.7.1-1.el7.i686.rpm
    libxkbcommon-x11-devel-0.7.1-1.el7.x86_64.rpm
    libxkbfile-devel-1.0.9-3.el7.i686.rpm
    libxkbfile-devel-1.0.9-3.el7.x86_64.rpm
    mesa-libEGL-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libEGL-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGL-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGL-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGLES-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGLES-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libOSMesa-17.0.1-6.20170307.el7.i686.rpm
    mesa-libOSMesa-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libOSMesa-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libOSMesa-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libgbm-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libgbm-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libxatracker-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libxatracker-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-private-llvm-devel-3.9.1-3.el7.i686.rpm
    mesa-private-llvm-devel-3.9.1-3.el7.x86_64.rpm
    mesa-vulkan-drivers-17.0.1-6.20170307.el7.x86_64.rpm
    vulkan-1.0.39.1-2.el7.i686.rpm
    vulkan-1.0.39.1-2.el7.x86_64.rpm
    vulkan-debuginfo-1.0.39.1-2.el7.i686.rpm
    vulkan-debuginfo-1.0.39.1-2.el7.x86_64.rpm
    vulkan-devel-1.0.39.1-2.el7.i686.rpm
    vulkan-devel-1.0.39.1-2.el7.x86_64.rpm
  noarch
    libX11-common-1.6.5-1.el7.noarch.rpm
    libwacom-data-0.24-1.el7.noarch.rpm
    xkeyboard-config-2.20-1.el7.noarch.rpm
    libvdpau-docs-1.1.1-3.el7.noarch.rpm
    libxcb-doc-1.12-1.el7.noarch.rpm
    vulkan-filesystem-1.0.39.1-2.el7.noarch.rpm
    xcb-proto-1.12-2.el7.noarch.rpm
    xkeyboard-config-devel-2.20-1.el7.noarch.rpm
    xorg-x11-proto-devel-7.7-20.el7.noarch.rpm

- Scientific Linux Development Team

Several moderate vulnerabilities have been identified in the X.org X11 libraries, particularly concerning session fixation and buffer overflow weaknesses. LinuxSecurity.com Team

Aug 21, 2017 | Scientific Linux

Arch Linux: ASA-201707-8 Medium: Tor Session Hijack Risk

Arch Linux Security Advisory ASA-201707-8
=========================================

Severity: Medium
Date    : 2017-07-11
CVE-ID  : CVE-2017-0377
Package : tor
Type    : session hijacking
Remote  : Yes
Link    : https://security.archlinux.org/AVG-336

Summary
=======

The package tor before version 0.3.0.9-1 is vulnerable to session hijacking.

Resolution
==========

Upgrade to 0.3.0.9-1.

# pacman -Syu "tor>=0.3.0.9-1"

The problem has been fixed upstream in version 0.3.0.9.

Workaround
==========

None.

Description
===========

A security issue has been found in Tor

Jul 11, 2017 | Medium | Arch Linux

Ubuntu 16.04 LTS USN-3024-1 Moderate: Tomcat Security Issues Overview

==========================================================================
Ubuntu Security Notice USN-3024-1
July 05, 2016

tomcat6, tomcat7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174)

It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)

It was discovered that Tomcat incorrectly handled different session settings when multiple versions of the same web application were deployed. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346)

It was discovered that the Tomcat Manager and Host Manager applications incorrectly handled new requests. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)

It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. A remote attacker could possibly use this issue to read arbitrary HTTP requests, including session ID values. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706)

It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714)

It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or write to arbitrary application data, or cause a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763)

It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-3092)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libtomcat7-java                 7.0.68-1ubuntu0.1

Ubuntu 15.10:
  libtomcat7-java                 7.0.64-1ubuntu0.3

Ubuntu 14.04 LTS:
  libtomcat7-java                 7.0.52-1ubuntu0.6

Ubuntu 12.04 LTS:
  libtomcat6-java                 6.0.35-1ubuntu3.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3024-1
  CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat7/7.0.68-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/tomcat7/7.0.64-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.6
  https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.7

Numerous vulnerabilities in Tomcat resolved. Refresh your Ubuntu environment to maintain security and performance. Remain vigilant! Severity: Important. LinuxSecurity.com Team

Jul 05, 2016 | Important | Ubuntu