
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 11 DSA-5360-1 Critical: Emacs Shell Command Risk Mitigated

Debian Security Advisory DSA-5360-1
https://www.debian.org/security/
Moritz Muehlenhoff
February 23, 2023
https://www.debian.org/security/faq

Package: emacs
CVE ID: CVE-2022-48337 CVE-2022-48338 CVE-2022-48339

Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands.

For the stable distribution (bullseye), these problems have been fixed in version 1:27.1+1-3.1+deb11u2.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/emacs

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [address not preserved]

A vital security patch for Emacs has been released, tackling vulnerabilities related to input handling to mitigate the risk of unauthorized command execution.

Debian Security Advisory, Emacs Update, Shell Command Exploit.

Severity: Critical.

LinuxSecurity.com Team

Feb 23, 2023 Critical Debian

Debian: DSA-4487-1 moderate: Neovim Shell Command Execution Issue

Debian Security Advisory DSA-4487-1
https://www.debian.org/security/
Moritz Muehlenhoff
July 23, 2019
https://www.debian.org/security/faq

Package: neovim
CVE ID: CVE-2019-12735

User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features:

Editors typically provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened, while harmful commands are filtered by a sandbox mechanism. It was discovered that the "source" command (used to include and execute another file) was not filtered, allowing shell command execution with a carefully crafted file opened in Neovim.

For the oldstable distribution (stretch), this problem has been fixed in version 0.1.7-4+deb9u1.

We recommend that you upgrade your neovim packages.

For the detailed security status of neovim please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/neovim

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [address not preserved]

Ubuntu Security Notice USN-4521-2 for neovim addresses a vulnerability that allows shell command execution via unvalidated modelines.

Debian Security Advisory, Neovim Security, Command Execution Risk, ShellExploit, Editor Vulnerability.

LinuxSecurity.com Team

Jul 23, 2019 Debian

Slackware 14.1: 2016-062-01 Critical Mailx Shell Command Execution

[slackware-security] mailx (SSA:2016-062-01)

New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mailx-12.5-i486-2_slack14.1.txz: Rebuilt.
  Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues that could allow a local attacker to cause mailx to execute arbitrary shell commands through the use of a specially-crafted email address.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2004-2771
    https://www.cve.org/CVERecord?id=CVE-2014-7844
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mailx-12.5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mailx-12.5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mailx-12.5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mailx-12.5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mailx-12.5-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mailx-12.5-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mailx-12.5-i486-2_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mailx-12.5-x86_64-2_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mailx-12.5-i486-2_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mailx-12.5-x86_64-2_slack14.1.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mailx-12.5-i486-2_slack14.1.txz

+-----+

Recent mailx updates made available for Slackware to resolve severe security vulnerabilities. Immediate upgrade is suggested for every system version.

Slackware Packages, Mailx Shell Command Execution, Security Update.

Severity: Critical.

LinuxSecurity.com Team

Mar 03, 2016 Critical Slackware

Debian: DSA-2946-1 Urgent: python-gnupg Shell Command Execution

Debian Security Advisory DSA-2946-1
http://www.debian.org/security/
Moritz Muehlenhoff
June 04, 2014
http://www.debian.org/security/faq

Package: python-gnupg
CVE ID: CVE-2013-7323 CVE-2014-1927 CVE-2014-1928 CVE-2014-1929

Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands.

For the stable distribution (wheezy), these problems have been fixed in version 0.3.6-1~deb7u1.

For the testing distribution (jessie), these problems have been fixed in version 0.3.6-1.

For the unstable distribution (sid), these problems have been fixed in version 0.3.6-1.

We recommend that you upgrade your python-gnupg packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: [address not preserved]

Several security flaws in python-gnupg may allow for unauthorized command execution. It is advisable to perform an upgrade to ensure protection.

Python GnuPG, Debian Security, Shell Command Execution.

Severity: Critical.

LinuxSecurity.com Team

Jun 04, 2014 Critical Debian

Debian DSA-2598-1: Weechat Remote Threats Security Update

Debian Security Advisory DSA-2598-1
http://www.debian.org/security/
Moritz Muehlenhoff
January 05, 2013
http://www.debian.org/security/faq

Package: weechat
Vulnerability: several
Problem type: remote
Debian-specific: no
CVE ID: CVE-2011-1428 CVE-2012-5534

Two security issues have been discovered in Weechat, a fast, light and extensible chat client:

CVE-2011-1428
    X.509 certificates were incorrectly validated.

CVE-2012-5534
    The hook_process function in the plugin API allowed the execution of arbitrary shell commands.

For the stable distribution (squeeze), these problems have been fixed in version 0.3.2-1+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in version 0.3.8-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 0.3.9.2-1.

We recommend that you upgrade your weechat packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: [address not preserved]

Debian update resolves two vulnerabilities in Weechat, tackling risks related to unauthorized access and incorrect validation flaws.

Debian Weechat Update Remote Access Issues.

Severity: Important.

LinuxSecurity.com Team

Jan 05, 2013 Important Debian

Debian: DSA 1297-1 Critical: Gforge Plugin Shell Command Execution Issue

Debian Security Advisory DSA 1297-1
http://www.debian.org/security/
Moritz Muehlenhoff
May 24th, 2007
http://www.debian.org/security/faq

Package: gforge-plugin-scmcvs
Vulnerability: missing input sanitising
Problem-Type: remote
Debian-specific: no
CVE ID: CVE-2007-0246

Bernhard R. Link discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in version 4.5.14-5.

For the unstable distribution (sid) this problem has been fixed in version 4.5.14-6.

We recommend that you upgrade your gforge-plugin-scmcvs package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:
  Size/MD5 checksum: 598 8738c271d0dc9944d6fbe3e68b4713d6
  Size/MD5 checksum: 14336539a63598dc47a3d3be27ede648fea85e

Architecture independent components:
  Size/MD5 checksum: 91980 f3a9400e23d76e99a55a1e9739312f06

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [address not preserved]

bernhard, browsing, interface, gforge, collaborative, development.

Severity: Critical.

LinuxSecurity.com Team

May 24, 2007 Critical Debian

Gentoo: GLSA-200611-22 Normal: Ingo H3 Shell Command Execution Risk

Gentoo Linux Security Advisory GLSA 200611-22
https://security.gentoo.org/

Severity: Normal
Title: Ingo H3: Folder name shell command injection
Date: November 27, 2006
Bugs: #153927
ID: 200611-22

Synopsis
========

Ingo H3 is vulnerable to arbitrary shell command execution when handling procmail rules.

Background
==========

Ingo H3 is a generic frontend for editing Sieve, procmail, maildrop and IMAP filter rules.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  www-apps/horde-ingo      < 1.1.2                        >= 1.1.2

Description
===========

Ingo H3 fails to properly escape shell metacharacters in procmail rules.

Impact
======

A remote authenticated attacker could craft a malicious rule which could lead to the execution of arbitrary shell commands on the server.

Workaround
==========

Don't use procmail with Ingo H3.

Resolution
==========

All Ingo H3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-ingo-1.1.2"

References
==========

[ 1 ] CVE-2006-5449
      https://www.cve.org/CVERecord?id=CVE-2006-5449

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/200611-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [address not preserved] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

The vulnerabilities in Ingo H3's shell command execution put Gentoo users at risk. Immediate upgrades are strongly advised for everyone.

Ingo H3 Security, Gentoo Advisory, Shell Command Threats, Procmail Security.

LinuxSecurity.com Team

Nov 27, 2006 Gentoo