Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysoftware updateFedora

Fedora: FEDORA-2019-3d418f349c Moderate: Deepin-Clone Symlink Attack

Security fix for CVE-2019-13228, CVE-2019-13229, CVE-2019-13227, CVE-2019-13226.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-3d418f349c 2019-07-28 01:23:13.298454 --------------------------------------------------------------------------------Name : deepin-clone Product : Fedora 30 Version : 1.1.4 Release : 1.fc30 URL : https://github.com/martyr-deepin/deepin-clone Summary : Disk and partition backup/restore tool Description : Disk and partition backup/restore tool. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2019-13228, CVE-2019-13229, CVE-2019-13227, CVE-2019-13226. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 16 2019 Robin Lee - 1.1.4-1 - Update to 1.1.4 (RHBZ#1693085, RHBZ#1730301, RHBZ#1730307, RHBZ#1730309, * Mon Jun 17 2019 Jan Grulich - 1.1.0-4 - rebuild (qt5) * Mon Jun 10 2019 Robin Lee - 1.1.0-3 - Rebuild (Qt5) --------------------------------------------------------------------------------References: [ 1 ] Bug #1730300 - CVE-2019-13226 deepin-clone: predictable path in the Helper::temporaryMountDevice() function enabling a symlink exploit https://bugzilla.redhat.com/show_bug.cgi?id=1730300 [ 2 ] Bug #1730306 - CVE-2019-13227 deepin-clone: log file at the fixed path created as root leads to a symlink attack https://bugzilla.redhat.com/show_bug.cgi?id=1730306 [ 3 ] Bug #1730308 - CVE-2019-13229 deepin-clone: fixed path in the Helper::getPartitionSizeInfo() function allows symlink attack https://bugzilla.redhat.com/show_bug.cgi?id=1730308 [ 4 ] Bug #1730312 - CVE-2019-13228 deepin-clone: fixed path in the BootDoctor::fix() function allows symlink attack https://bugzilla.redhat.com/show_bug.cgi?id=1730312 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-3d418f349c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Critical patch released for deepin-clone in Fedora to address various symlink vulnerabilities and bolster overall system protection.. deepin-clone, Fedora Update, Disk Backup Tool, Symlink Attack, Security Advisory. . LinuxSecurity.com Team

Calendar 2 Jul 27, 2019 Fedora
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorycritical issueDebian

Debian 7 Wheezy DLA-894-1 Critical: Samba Symlink Race Condition Caution

Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a . Package : samba Version : 2:3.6.6-6+deb7u12 CVE ID : CVE-2017-2619 Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition. For Debian 7 "Wheezy", these problems have been fixed in version 2:3.6.6-6+deb7u12. We recommend that you upgrade your samba packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade Samba on Debian 7 Wheezy to enhance security against vulnerabilities reported by Jann Horn from Google. Follow these essential steps to secure your system. Samba Security, Debian Update, Security Flaw, Time-Of-Check, Race Condition. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Apr 11, 2017 Critical Debian LTS
Banner 2 1028x280 1708121730 1 1771599631
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoofile overwrite

Gentoo: GLSA 200504-06 Normal: Unshar Symlink Exploit Risk

The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200504-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: sharutils: Insecure temporary file creation Date: April 06, 2005 Bugs: #87939 ID: 200504-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The unshar utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. Background ========= sharutils is a collection of tools to deal with shar archives. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/sharutils < 4.2.1-r11 > = 4.2.1-r11 Description ========== Joey Hess has discovered that the program unshar, which is a part of sharutils, creates temporary files in a world-writable directory with predictable names. Impact ===== A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When unshar is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround ========= There is no known workaround at this time. Resolution ========= All sharutils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-arch/sharutils-4.2.1-r11" References ========= [ 1 ] Ubuntu Advisory Availability =========== ThisGLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200504-06 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . The Gentoo Linux Security Advisory GLSA 200504-06 addresses serious vulnerabilities in the unshar utility's symlink handling, risking file overwriting and system integrity.. sharutils Risks, Gentoo Exploits, File Overwrite Security. . LinuxSecurity.com Team

Calendar 2 Apr 06, 2005 Gentoo
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryred hat linuxcritical

Red Hat Linux 5.2, 6.x: RHSA-2000:110-06 Critical Symlink Exploit

Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.. ` --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7 Advisory ID: RHSA-2000:110-06 Issue date: 2000-11-17 Updated on: 2000-11-20 Product: Red Hat Linux Keywords: joe DEADJOE symlink vulnerability Cross references: N/A --------------------------------------------------------------------- 1. Topic: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7. 2. Relevant releases/architectures: Red Hat Linux 5.2 - i386, alpha, sparc Red Hat Linux 6.0 - i386, alpha, sparc Red Hat Linux 6.1 - i386, alpha, sparc Red Hat Linux 6.2 - i386, alpha, sparc Red Hat Linux 6.2EE - i386 Red Hat Linux 7.0 - i386 3. Problem description: When exiting joe in a nonstandard way (such as a system crash, closing an xterm, or a network connection going down), joe will unconditionally append its open buffers to the file "DEADJOE". This could be exploited by the creation of DEADJOE symlinks in directories where root would normally use joe. In this way, joe could be used to append garbage to potentially-sensitive files, resulting in a denial of service. Users of Red Hat Linux 6.x and 5.2 should also note that joe's configuration files have been moved from /usr/lib/joe to /etc/joe 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed ( for more info): N/A 6. RPMs required: Red Hat Linux 5.2: alpha: sparc: i386: sources: Red Hat Linux 6.0: sparc: i386: alpha: sources: Red Hat Linux 6.1: alpha: sparc: i386: sources: Red Hat Linux 6.2: alpha: sparc: i386: sources: Red Hat Linux 7.0: i386: sources: 7. Verification: MD5 sum PackageName -------------------------------------------------------------------------- 7b78c81b253833ae849d162457d318dd 5.2/SRPMS/joe-2.8-42.52.src.rpm 0959bddd216c47426e5c335e6dbaa922 5.2/alpha/joe-2.8-42.52.alpha.rpm d5dc1a23953544964c04ad1eaa9c1a26 5.2/i386/joe-2.8-42.52.i386.rpm d5ce7e5469be6ff16373d4610c2b8fb3 5.2/sparc/joe-2.8-42.52.sparc.rpm 6eb2d2741296250f71667d5a1c1467fc 6.0/SRPMS/joe-2.8-42.62.src.rpm c53a34db6539d412adc86493e17e9725 6.0/alpha/joe-2.8-42.62.alpha.rpm d6afd50052ee0f5354a7398849d6c5b5 6.0/i386/joe-2.8-42.62.i386.rpm 0b1e58283c4f4d4c41c55948b0117f80 6.0/sparc/joe-2.8-42.62.sparc.rpm 6eb2d2741296250f71667d5a1c1467fc 6.1/SRPMS/joe-2.8-42.62.src.rpm c53a34db6539d412adc86493e17e9725 6.1/alpha/joe-2.8-42.62.alpha.rpm d6afd50052ee0f5354a7398849d6c5b5 6.1/i386/joe-2.8-42.62.i386.rpm 0b1e58283c4f4d4c41c55948b0117f80 6.1/sparc/joe-2.8-42.62.sparc.rpm 6eb2d2741296250f71667d5a1c1467fc 6.2/SRPMS/joe-2.8-42.62.src.rpm c53a34db6539d412adc86493e17e9725 6.2/alpha/joe-2.8-42.62.alpha.rpm d6afd50052ee0f5354a7398849d6c5b5 6.2/i386/joe-2.8-42.62.i386.rpm 0b1e58283c4f4d4c41c55948b0117f80 6.2/sparc/joe-2.8-42.62.sparc.rpm 67e2ddb6f4c903672782467684fbb7d3 7.0/SRPMS/joe-2.8-43.src.rpm 1578b0e184b76b23d2a30b101f1665d4 7.0/i386/joe-2.8-43.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: N/A Copyright(c) 2000 Red Hat, Inc. `. Updated Alex software receives critical fix to rectify symlink vulnerability in Fedora Linux editions 30, 31, and 32. Timely installation advised.. joe Editor, Red Hat Linux, Symlink Exploits, Security patches. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 20, 2000 Critical Red Hat
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here