
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo GLSA-202408-23 Normal: GnuPG Signature Spoofing Advisory

Gentoo Linux Security Advisory GLSA 202408-23
https://security.gentoo.org/

Severity: Normal
Title: GnuPG: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #855395, #923248
ID: 202408-23

Synopsis
========

Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing.

Background
==========

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

Affected packages
=================

Package          Vulnerable    Unaffected
---------------  ------------  ------------
app-crypt/gnupg  < 2.4.4       >= 2.4.4

Description
===========

Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GnuPG users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.4.4"

References
==========

[ 1 ] CVE-2022-34903
      https://nvd.nist.gov/vuln/detail/CVE-2022-34903

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address not shown] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

LinuxSecurity.com Team

Aug 10, 2024 Gentoo

Red Hat Enterprise Linux 9: Fix for Moderate GnuPG2 Signature Spoofing

Red Hat Security Advisory

Synopsis: Moderate: gnupg2 security update
Advisory ID: RHSA-2022:6602-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6602
Issue date: 2022-09-20
CVE Names: CVE-2022-34903

1. Summary:

An update for gnupg2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm
gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm
gnupg2-smime-2.3.3-2.el9_0.aarch64.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

ppc64le:
gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm
gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm
gnupg2-smime-2.3.3-2.el9_0.ppc64le.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

s390x:
gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm
gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm
gnupg2-smime-2.3.3-2.el9_0.s390x.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

x86_64:
gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm
gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm
gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
gnupg2-2.3.3-2.el9_0.src.rpm

aarch64:
gnupg2-2.3.3-2.el9_0.aarch64.rpm
gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm
gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

ppc64le:
gnupg2-2.3.3-2.el9_0.ppc64le.rpm
gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm
gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

s390x:
gnupg2-2.3.3-2.el9_0.s390x.rpm
gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm
gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

x86_64:
gnupg2-2.3.3-2.el9_0.x86_64.rpm
gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm
gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm
gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

LinuxSecurity.com Team

Sep 20, 2022 Red Hat

Red Hat Enterprise Linux 8 RHSA-2022-6463 moderate: gpg signature spoofing

Red Hat Security Advisory

Synopsis: Moderate: gnupg2 security update
Advisory ID: RHSA-2022:6463-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6463
Issue date: 2022-09-13
CVE Names: CVE-2022-34903

1. Summary:

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
gnupg2-2.2.20-3.el8_6.src.rpm

aarch64:
gnupg2-2.2.20-3.el8_6.aarch64.rpm
gnupg2-debuginfo-2.2.20-3.el8_6.aarch64.rpm
gnupg2-debugsource-2.2.20-3.el8_6.aarch64.rpm
gnupg2-smime-2.2.20-3.el8_6.aarch64.rpm
gnupg2-smime-debuginfo-2.2.20-3.el8_6.aarch64.rpm

ppc64le:
gnupg2-2.2.20-3.el8_6.ppc64le.rpm
gnupg2-debuginfo-2.2.20-3.el8_6.ppc64le.rpm
gnupg2-debugsource-2.2.20-3.el8_6.ppc64le.rpm
gnupg2-smime-2.2.20-3.el8_6.ppc64le.rpm
gnupg2-smime-debuginfo-2.2.20-3.el8_6.ppc64le.rpm

s390x:
gnupg2-2.2.20-3.el8_6.s390x.rpm
gnupg2-debuginfo-2.2.20-3.el8_6.s390x.rpm
gnupg2-debugsource-2.2.20-3.el8_6.s390x.rpm
gnupg2-smime-2.2.20-3.el8_6.s390x.rpm
gnupg2-smime-debuginfo-2.2.20-3.el8_6.s390x.rpm

x86_64:
gnupg2-2.2.20-3.el8_6.x86_64.rpm
gnupg2-debuginfo-2.2.20-3.el8_6.x86_64.rpm
gnupg2-debugsource-2.2.20-3.el8_6.x86_64.rpm
gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm
gnupg2-smime-debuginfo-2.2.20-3.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

LinuxSecurity.com Team

Sep 13, 2022 Red Hat

Fedora 35: 0dbfb7e270 Critical Gnupg1 Signature Spoofing Fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-0dbfb7e270
2022-07-28 01:29:59.622249
--------------------------------------------------------------------------------

Name        : gnupg1
Product     : Fedora 35
Version     : 1.4.23
Release     : 18.fc35
URL         : https://www.gnupg.org/
Summary     : A GNU utility for secure communication and data storage
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-34903
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Brian C. Lane - 1.4.23-18
- g10/status.c: Backport fix for status buffer overrun
  Resolves: rhbz#2108445
- Note that this includes the fix for [CVE-2022-34903]
* Thu Jan 20 2022 Fedora Release Engineering - 1.4.23-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2102868
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-0dbfb7e270' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

LinuxSecurity.com Team

Jul 27, 2022 Critical Fedora

Fedora 36: 2022-1747eea46c Critical: GnuPG Signature Spoofing

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-1747eea46c
2022-07-28 01:26:41.098904
--------------------------------------------------------------------------------

Name        : gnupg1
Product     : Fedora 36
Version     : 1.4.23
Release     : 18.fc36
URL         : http://www.gnupg.org/
Summary     : A GNU utility for secure communication and data storage
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-34903
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Brian C. Lane - 1.4.23-18
- g10/status.c: Backport fix for status buffer overrun
  Resolves: rhbz#2108445
- Note that this includes the fix for [CVE-2022-34903]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2102868
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-1747eea46c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

LinuxSecurity.com Team

Jul 27, 2022 Critical Fedora

Debian: DSA-5174-1 Critical GnuPG2 Signature Spoofing Risk

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5174-1
https://www.debian.org/security/
Salvatore Bonaccorso
July 03, 2022
https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gnupg2
CVE ID : CVE-2022-34903
Debian Bug : 1014157

Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature spoofing via arbitrary injection into the status line. An attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.

For the oldstable distribution (buster), this problem has been fixed in version 2.2.12-1+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in version 2.2.27-2+deb11u2.

We recommend that you upgrade your gnupg2 packages.

For the detailed security status of gnupg2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gnupg2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email address not shown]

LinuxSecurity.com Team

Jul 03, 2022 Critical Debian

Fedora 28 Security Advisory: Evolution CVE-2018-15587 Moderate Threat

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-fc866e9156
2019-03-08 21:40:10.944860
--------------------------------------------------------------------------------

Name        : evolution
Product     : Fedora 28
Version     : 3.28.5
Release     : 3.fc28
URL         : https://wiki.gnome.org/Apps/Evolution
Summary     : Mail and calendar client for GNOME
Description :
Evolution is the GNOME mailer, calendar, contact manager and communications tool. The components which make up Evolution are tightly integrated with one another and act as a seamless personal information-management tool.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2018-15587
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 18 2019 Milan Crha - 3.28.5-3
- Add patch for RH bug #1677651 (CVE-2018-15587 reposition signature bar)
* Fri Oct 26 2018 Milan Crha - 3.28.5-2
- Add BuildRequires/Requires for 'killall' binary
* Mon Jul 30 2018 Milan Crha - 3.28.5-1
- Update to 3.28.5
* Mon Jul 16 2018 Milan Crha - 3.28.4-1
- Update to 3.28.4
* Mon Jun 18 2018 Milan Crha - 3.28.3-1
- Update to 3.28.3
* Mon May 7 2018 Milan Crha - 3.28.2-1
- Update to 3.28.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1677650 - CVE-2018-15587 evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages
        https://bugzilla.redhat.com/show_bug.cgi?id=1677650
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-fc866e9156' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

LinuxSecurity.com Team

Mar 08, 2019 Fedora

Ubuntu 10.04 LTS USN-2028-1 Critical: libxml-security-java Spoofing Issue

=========================================================================
Ubuntu Security Notice USN-2028-1
November 12, 2013

libxml-security-java vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Apache XML Security for Java could be tricked into validating spoofed signatures.

Software Description:
- libxml-security-java: implementation of security standards for XML

Details:

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  libxml-security-java 1.4.3-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  CVE-2013-2172

Package Information:
  https://launchpad.net/ubuntu/+source/libxml-security-java/1.4.3-2ubuntu0.1

LinuxSecurity.com Team

Nov 12, 2013 Critical Ubuntu