Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 CVE-2026-41677 / GHSA-xmgf-hq76-4vx2 CVE-2026-41678 / GHSA-8c75-8mhr-p7r9.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b00a9673c8
2026-05-21 01:26:51.960395+00:00
--------------------------------------------------------------------------------

Name        : rust-nu
Product     : Fedora 43
Version     : 0.99.1
Release     : 17.fc43
URL         : https://crates.io/crates/nu
Summary     : New type of shell
Description :
A new type of shell.

--------------------------------------------------------------------------------
Update Information:

Rebuild with version 0.10.79 of the openssl crate which includes fixes for the
following security issues:

  CVE-2026-41676 / GHSA-pqf5-4pqq-29f5
  CVE-2026-41677 / GHSA-xmgf-hq76-4vx2
  CVE-2026-41678 / GHSA-8c75-8mhr-p7r9
  CVE-2026-41681 / GHSA-ghm9-cr32-g9qj
  CVE-2026-41898 / GHSA-hppc-g8h3-xhp3
  CVE-2026-42327 / GHSA-xp3w-r5p5-63rr
  CVE-2026-44662 / GHSA-xv59-967r-8726
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 11 2026 Fabio Valentini - 0.99.1-17
- Rebuild for rust-openssl CVE-2026-{41676,41677,41678,41681,41898,42327,44662}
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b00a9673c8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list

This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ce2936b568
2024-05-26 01:25:15.719720
--------------------------------------------------------------------------------

Name        : rust-nu
Product     : Fedora 40
Version     : 0.91.0
Release     : 2.fc40
URL         :
Summary     : New type of shell
Description :
A new type of shell.

--------------------------------------------------------------------------------
Update Information:

This update contains builds from a mini-mass-rebuild for Rust applications (and
some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix
incomplete debug information for the Rust standard library (and the resulting
low-quality stack traces). Additionally, builds will have picked up fixes for
some minor low-priority security and / or safety fixes in crate dependencies
that had not yet been handled via a separate (targeted) rebuild:

  h2 v0.3.26+ (denial-of-service):
    https://rustsec.org/advisories/RUSTSEC-2024-0332.html
  glib v0.19.4+ and backports (UB):
    core/pull/1343
  hashbrown v0.14.5+ (UB):
    https://github.com/rust-lang/hashbrown/pull/511
  rustls v0.22.4+, v0.21.11+ (denial-of-service):
    https://rustsec.org/advisories/RUSTSEC-2024-0336.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 23 2024 Fabio Valentini - 0.91.0-2
- Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ce2936b568' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--
package-announce mailing list

Add a null check in parameter_brace_transform() function.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5b644a935b
2022-10-05 01:03:41.175274
--------------------------------------------------------------------------------

Name        : bash
Product     : Fedora 35
Version     : 5.1.8
Release     : 3.fc35
URL         :
Summary     : The GNU Bourne Again shell
Description :
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.

--------------------------------------------------------------------------------
Update Information:

Add a null check in parameter_brace_transform() function
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 26 2022 Siteshwar Vashisht - 5.1.8-3
- Add a null check in parameter_brace_transform() function
  Resolves: #2122331
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5b644a935b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: zsh security update
Advisory ID:       RHSA-2020:0903-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0903
Issue date:        2020-03-19
CVE Names:         CVE-2019-20044
====================================================================

1. Summary:

An update for zsh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - noarch
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The zsh shell is a command interpreter usable as an interactive login shell
and as a shell script command processor. Zsh resembles the ksh shell (the
Korn shell), but includes many enhancements. Zsh supports command-line
editing, built-in spelling correction, programmable command completion,
shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: insecure dropping of privileges when unsetting PRIVILEGED option
(CVE-2019-20044)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1804859 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

noarch:
zsh-html-5.5.1-6.el8_1.2.noarch.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
zsh-5.5.1-6.el8_1.2.src.rpm

aarch64:
zsh-5.5.1-6.el8_1.2.aarch64.rpm
zsh-debuginfo-5.5.1-6.el8_1.2.aarch64.rpm
zsh-debugsource-5.5.1-6.el8_1.2.aarch64.rpm

ppc64le:
zsh-5.5.1-6.el8_1.2.ppc64le.rpm
zsh-debuginfo-5.5.1-6.el8_1.2.ppc64le.rpm
zsh-debugsource-5.5.1-6.el8_1.2.ppc64le.rpm

s390x:
zsh-5.5.1-6.el8_1.2.s390x.rpm
zsh-debuginfo-5.5.1-6.el8_1.2.s390x.rpm
zsh-debugsource-5.5.1-6.el8_1.2.s390x.rpm

x86_64:
zsh-5.5.1-6.el8_1.2.x86_64.rpm
zsh-debuginfo-5.5.1-6.el8_1.2.x86_64.rpm
zsh-debugsource-5.5.1-6.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20044
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list

An attacker who already had access to the environment could so append values to parameters passed through programs.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201511-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MirBSD Korn Shell: Arbitrary code execution
     Date: November 02, 2015
     Bugs: #524414
       ID: 201511-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An attacker who already had access to the environment could so append
values to parameters passed through programs.

Background
==========

MirBSD Korn Shell is an actively developed free implementation of the
Korn Shell programming language and a successor to the Public Domain
Korn Shell.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-shells/mksh               < 50c                        >= 50c

Description
===========

Improper sanitation of environment import allows for appending of
values to passed parameters.

Impact
======

An attacker who already had access to the environment could so append
values to parameters passed through programs (including sudo(8) or
setuid) to shell scripts, including indirectly, after those programs
intended to sanitise the environment, e.g. invalidating the last $PATH
component.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mksh users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-shells/mksh-50c"

References
==========

[ 1 ] mksh R50c released, securityfix

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201511-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to