Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorymoderateFedora

Fedora 41 Nginx: 2025-66ebd291f8 moderate: TLS session reuse issue

Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-66ebd291f8 2025-02-15 02:35:33.711202+00:00 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 41 Version : 1.26.3 Release : 1.fc41 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used. *) Bugfix: nginx now ignores QUIC version negotiation packets from clients. *) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module. *) Bugfixes in HTTP/3. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 6 2025 Felix Kaechele - 2:1.26.3-1 - update to 1.26.3 - fixes SSL session reuse vulnerability (CVE-2025-23419) - drop zlib-ng patch, theissue was addressed upstream * Wed Feb 5 2025 Luboš Uhliarik - 2:1.26.2-6 - Use systemd-sysusers * Mon Feb 3 2025 Joe Orton - 2:1.26.2-5 - Add systemd instantiated service nginx@.service, allowing e.g. "systemctl start This email address is being protected from spambots. You need JavaScript enabled to view it." to start an instance of nginx using /etc/nginx/foobar.conf as the configuration. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user https://bugzilla.redhat.com/show_bug.cgi?id=2277663 [ 2 ] Bug #2344198 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2344198 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-66ebd291f8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 41 Update Notification provides nginx security fix and bug details, addressing the TLS session reuse issue and more.. nginx update,Fedora 41 advisory,SSL security patch,TLS session management. . LinuxSecurity.com Team

Calendar 2 Feb 15, 2025 Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoranginx

Fedora 40: FEDORA-2025-016ed44ddc critical: nginx SSL session bypass

Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-016ed44ddc 2025-02-15 02:22:06.812098+00:00 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 40 Version : 1.26.3 Release : 1.fc40 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used. *) Bugfix: nginx now ignores QUIC version negotiation packets from clients. *) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module. *) Bugfixes in HTTP/3. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 6 2025 Felix Kaechele - 2:1.26.3-1 - update to 1.26.3 - fixes SSL session reuse vulnerability (CVE-2025-23419) - drop zlib-ng patch, theissue was addressed upstream * Wed Feb 5 2025 Luboš Uhliarik - 2:1.26.2-6 - Use systemd-sysusers * Mon Feb 3 2025 Joe Orton - 2:1.26.2-5 - Add systemd instantiated service nginx@.service, allowing e.g. "systemctl start This email address is being protected from spambots. You need JavaScript enabled to view it." to start an instance of nginx using /etc/nginx/foobar.conf as the configuration. * Sat Feb 1 2025 Björn Esser - 2:1.26.2-4 - Add explicit BR: libxcrypt-devel * Sat Feb 1 2025 Felix Kaechele - 2:1.26.2-3 - Add zlib-ng patch to fix rhbz#2343318 * Fri Jan 17 2025 Fedora Release Engineering - 2:1.26.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user https://bugzilla.redhat.com/show_bug.cgi?id=2277663 [ 2 ] Bug #2344197 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2344197 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-016ed44ddc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . A security patch for nginx on Fedora 40 resolves problems related to SSL session validation stemming from inadequate verification procedures.. nginx updates,Fedora security,SSL session issues,TLS vulnerabilities,web server security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 15, 2025 Critical Fedora
Banner 1 1028x280 1708121660 1771599717
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorynetwork securitycritical

Debian: DSA-4029-2 Critical: Apache HTTP Server RCE Security Flaw Alert

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3029-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Salvatore Bonaccorso September 20, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2014-3616 Debian Bug : 761940 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy3. For the testing distribution (jessie), this problem has been fixed in version 1.6.2-1. For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian has released an update for nginx to address identified vulnerabilities in SSL session reuse, which may result in potential risks of virtual host confusion attacks.. Debian Security,Nginx Update,SSL Session Attack,Network Configuration. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 20, 2014 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here