Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 16 articles for you...
87

Debian Trixie SPIP Critical Remote Code Exec Vulnerabilities DSA-6296-1

Multiple vulnerabilities were discovered in SPIP, a website engine for publishing, which may result in remote code execution or an open redirect. For the stable distribution (trixie), these problems have been fixed in version 4.4.15+dfsg-0+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6296-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso May 25, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spip CVE ID : CVE-2026-8429 CVE-2026-8430 CVE-2026-48832 Multiple vulnerabilities were discovered in SPIP, a website engine for publishing, which may result in remote code execution or an open redirect. For the stable distribution (trixie), these problems have been fixed in version 4.4.15+dfsg-0+deb13u1. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/spip Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple vulnerabilities in SPIP fixed with new updates for Debian Trixie users. Includes critical remote code execution risk.. Debian Security, SPIP vulnerabilities, Remote Code Execution, Debian Updates, Open Redirects. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 25, 2026 Critical Debian
87

Ubuntu Jammy SPIP Security Vulnerability Identified as CVE-2023-4567

Jul Blobul discovered that SPIP, a website engine for publishing, is prone to a privilege escalation vulnerability. For the stable distribution (trixie), this problem has been fixed in version 4.4.13+dfsg-0+deb13u1. We recommend that you upgrade your spip packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6174-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso March 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spip CVE ID : CVE-2026-33549 Jul Blobul discovered that SPIP, a website engine for publishing, is prone to a privilege escalation vulnerability. For the stable distribution (trixie), this problem has been fixed in version 4.4.13+dfsg-0+deb13u1. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/spip Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . SPIP faces critical privilege escalation risk. Upgrade to 4.4.13+dfsg-0+deb13u1 to mitigate the identified risk proactively.. debian security advisory, spip privilege escalation, debian update, vulnerability management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 22, 2026 Critical Debian
87

Debian DSA-6155-1 spip Important SQL Injection XSS Attack

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to access protected information, and perform various SQL injection, Cross-Side Scripting (XSS), and Server-Side Request Forgery (SSRF) attacks. In some cases this could result in arbitrary code execution.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond March 03, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spip CVE ID : CVE-2026-22205 CVE-2026-22206 CVE-2026-26223 CVE-2026-26345 CVE-2026-27472 CVE-2026-27473 CVE-2026-27474 CVE-2026-27475 It was discovered that SPIP, a website engine for publishing, would allow a malicious user to access protected information, and perform various SQL injection, Cross-Side Scripting (XSS), and Server-Side Request Forgery (SSRF) attacks. In some cases this could result in arbitrary code execution. For the stable distribution (trixie), these problems have been fixed in version 4.4.11+dfsg-0+deb13u1. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/spip Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Upgrade spip in Debian to mitigate security risks like SQL injection and XSS attacks while protecting sensitive information.. Debian Security, SPIP, Code Execution, SQL Injection, Cross-Site Scripting. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 03, 2026 Important Debian
172

Ubuntu 24.10, 20.04, 18.04: USN-7318-1 moderate: spip security issues

Several security issues were fixed in spip.. ========================================================================== Ubuntu Security Notice USN-7318-1 March 04, 2025 spip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in spip. Software Description: - spip: website engine for publishing Details: It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. (CVE-2022-23638) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28959) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform PHP injection attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28960) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28961) It was discovered that SPIP did not properly sanitize certain inputs. A remote authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-37155) It was discovered that SPIP did not properly sanitize certain inputs. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-24258) It was discovered that SPIP did not properly handle serialization under certain circumstances. A remote attacker could possibly use this issue to executearbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-27372) It was discovered that SPIP did not properly sanitize HTTP requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-8517) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 spip 4.3.1+dfsg-1ubuntu0.1 Ubuntu 20.04 LTS spip 3.2.7-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS spip 3.1.4-4~deb9u5ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7318-1 CVE-2022-23638, CVE-2022-28959, CVE-2022-28960, CVE-2022-28961, CVE-2022-37155, CVE-2023-24258, CVE-2023-27372, CVE-2024-8517 Package Information: https://launchpad.net/ubuntu/+source/spip/4.3.1+dfsg-1ubuntu0.1 . Multiple security issues in spip have been addressed for Ubuntu 24.10, 20.04, and 18.04 LTS; make sure to upgrade your systems.. spip vulnerabilities, Ubuntu security notice, software updates, input cleaning. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 Mar 04, 2025 Medium Ubuntu
197

Debian 10 Buster DLA-3761-1 Moderate Security Issue: Spip XSS Risk

Hatim Chabik discovered a cross-site scripting (XSS) vulnerability in spip, a content management system, which can lead to privilege escalation or information disclosure. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3761-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin March 15, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : spip Version : 3.2.4-1+deb10u13 CVE ID : CVE-2023-52322 Debian Bug : 1059331 Hatim Chabik discovered a cross-site scripting (XSS) vulnerability in spip, a content management system, which can lead to privilege escalation or information disclosure. For Debian 10 buster, this problem has been fixed in version 3.2.4-1+deb10u13. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/spip Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The recent release for Debian LTS DLA-3762-1 resolves a CSRF vulnerability in the software Project Management Tool, which could lead to unauthorized actions and sensitive information leakage.. Debian Security Advisory, Spip CMS Vulnerability, XSS Risk in Spip. . LinuxSecurity.com Team

Calendar%202 Mar 15, 2024 Debian LTS
197

Debian 10 LTS: DLA-3691-1 critical: SPIP DoS and Info Leak Mitigation

Multiple security issues were discovered in SPIP, a content management system, which could lead to denial of service or information disclosure. For Debian 10 buster, this problem has been fixed in version . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3691-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin December 18, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : spip Version : 3.2.4-1+deb10u12 Multiple security issues were discovered in SPIP, a content management system, which could lead to denial of service or information disclosure. For Debian 10 buster, this problem has been fixed in version 3.2.4-1+deb10u12. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/spip Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Several security flaws addressed in SPIP following Debian LTS DLA-3691-1 update. Upgrading is crucial to prevent potential disruptions and safeguard data integrity.. Debian Security Update, SPIP DoS Mitigation, Debian LTS Advisory, Information Disclosure Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 18, 2023 Critical Debian LTS
197

Debian 10 Buster DLA-3347-2: Moderate Spip Plugin Activation Issue

It was discovered that the fix for CVE-2023-27372 broke (de)activation of plugins with dependencies. For Debian 10 buster, this problem has been fixed in version . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3347-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin March 03, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : spip Version : 3.2.4-1+deb10u11 It was discovered that the fix for CVE-2023-27372 broke (de)activation of plugins with dependencies. For Debian 10 buster, this problem has been fixed in version 3.2.4-1+deb10u11. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/spip Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3348-1 resolves an issue with Moodle related to course management that stemmed from previous updates.. Debian LTS, spip security, plugin compatibility, update advisory. . LinuxSecurity.com Team

Calendar%202 Mar 03, 2023 Debian LTS
87

Debian Bullseye DSA-5367-1 Moderate: Spip Code Execution Risk

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code. For the stable distribution (bullseye), this problem has been fixed in . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5367-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond March 02, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spip CVE ID : CVE-2023-27372 It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code. For the stable distribution (bullseye), this problem has been fixed in version 3.2.11-3+deb11u7. We recommend that you upgrade your spip packages. For the detailed security status of spip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/spip Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian releases patched version of spip package addressing potential remote code execution vulnerability, reinforcing user safety on the stable platform.. Spip Security Update, Arbitrary Code Execution, Debian Security Advisory, Software Update. . LinuxSecurity.com Team

Calendar%202 Mar 02, 2023 Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200