Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3e8172bbdb
2026-05-23 15:47:52.432854+00:00
--------------------------------------------------------------------------------

Name        : composer
Product     : Fedora 43
Version     : 2.9.8
Release     : 1.fc43
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/
--------------------------------------------------------------------------------
Update Information:

Version 2.9.8 - 2026-05-13
Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Remi Collet - 2.9.8-1
- update to 2.9.8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3e8172bbdb' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bd05cb6c4d
2026-05-23 00:56:16.173256+00:00
--------------------------------------------------------------------------------

Name        : composer
Product     : Fedora 44
Version     : 2.9.8
Release     : 1.fc44
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/
--------------------------------------------------------------------------------
Update Information:

Version 2.9.8 - 2026-05-13
Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Remi Collet - 2.9.8-1
- update to 2.9.8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bd05cb6c4d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
It was discovered that PyJWT, a Python implementation of JSON Web Token, did not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC: a recipient that does not understand every extension named in crit must reject the JWS.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4564-1
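The check the advisory says was missing, written out as an added example. This is a small stand-alone HS256 verifier, not PyJWT's code and not the patch Debian shipped; the key, the extension name "http://example.invalid/ext" and the tokens are constructed for illustration. It applies every MUST from RFC 7515 §4.1.11 (non-empty array, no duplicates, no standard parameter names, each listed name present in the header) and, the point of the advisory, rejects any listed extension that the recipient does not implement, even when the signature is valid. The algorithm is pinned server-side and the signature is verified before the payload is returned, so the unverified header is never trusted for anything beyond selecting the expected algorithm.

```python
"""Enforce the "crit" Header Parameter of RFC 7515 §4.1.11 when verifying a JWS."""
import base64
import hashlib
import hmac
import json

# Header Parameter names defined by RFC 7515 itself; §4.1.11 says these
# MUST NOT be listed in "crit". (Illustrative verifier, not PyJWT's code.)
JWS_DEFINED_HEADERS = frozenset({
    "alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256", "typ", "cty", "crit",
})


class InvalidTokenError(ValueError):
    """Any condition under which the token must be rejected."""


def b64url_decode(data):
    # JWS compact serialization uses base64url without padding; restore it.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_crit(header, understood=frozenset()):
    """Apply the MUST rules for "crit"; `understood` names the extensions we implement."""
    if "crit" not in header:
        return
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise InvalidTokenError('"crit" must be a non-empty array')
    if any(not isinstance(name, str) for name in crit):
        raise InvalidTokenError('"crit" entries must be strings')
    if len(set(crit)) != len(crit):
        raise InvalidTokenError('"crit" must not contain duplicate names')
    for name in crit:
        if name in JWS_DEFINED_HEADERS:
            raise InvalidTokenError(f'"crit" must not list the standard parameter {name!r}')
        if name not in header:
            raise InvalidTokenError(f'critical extension {name!r} is not present in the header')
        if name not in understood:
            # The case the advisory describes: an extension this recipient does not
            # implement. The RFC says the JWS MUST be rejected, not silently accepted.
            raise InvalidTokenError(f'unsupported critical extension {name!r}')


def encode_hs256(payload, key, extra_header=None):
    """Mint an HS256 JWS; used here only to construct sample tokens."""
    header = {"alg": "HS256", "typ": "JWT"}
    header.update(extra_header or {})
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"


def decode_hs256(token, key, understood=frozenset()):
    """Verify an HS256 JWS and return its payload, rejecting unknown critical extensions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidTokenError("compact JWS must have exactly three segments")
    h, p, s = parts
    try:
        header = json.loads(b64url_decode(h))
        provided = b64url_decode(s)
    except ValueError as exc:  # bad base64 or bad JSON
        raise InvalidTokenError("malformed token") from exc
    # Pin the algorithm server-side; the header is attacker-controlled until verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidTokenError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):
        raise InvalidTokenError("bad signature")
    # Signature is good; the crit rules still apply before the payload is trusted.
    check_crit(header, understood)
    return json.loads(b64url_decode(p))
```

A token whose crit lists "http://example.invalid/ext" is rejected by `decode_hs256(token, key)` and accepted by `decode_hs256(token, key, frozenset({"http://example.invalid/ext"}))`; the difference is only whether this recipient declares that it implements the extension.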
An update that solves three vulnerabilities and has 25 fixes is now available.

SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3170-1
Rating:             critical
References:         #1171483 #1173143 #1181223 #1186281 #1186339 #1187335
                    #1187549 #1188032 #1188042 #1188136 #1188163 #1188193
                    #1188260 #1188393 #1188400 #1188503 #1188505 #1188551
                    #1188641 #1188647 #1188656 #1188853 #1188855 #1189011
                    #1189040 #1189167 #1189419 #1189458
Cross-References:   CVE-2021-40323 CVE-2021-40324 CVE-2021-40325
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 25 fixes is now available.

Description:

This update fixes the following issues:

branch-network-formula:
- Use kernel parameters from PXE formula also for local boot

cobbler:
- security issues fixed:
  - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)
  - CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)
  - CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)
- Please note that with these changes, valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected.

cpu-mitigations-formula:
- Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

openvpn-formula:
- Changed package to noarch.

prometheus-exporters-formula:
- Fix formula data migration with missing exporter configuration (bsc#1188136)

py26-compat-salt:
- Fix error handling in openscap module (bsc#1188647)
- Define license macro as doc in spec file if not existing

py27-compat-salt:
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing

saltboot-formula:
- Use kernel parameters from PXE formula also for local boot

spacecmd:
- Update translation strings
- Make schedule_deletearchived get all actions without display limit
- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
- Use correct API endpoint in list_proxies (bsc#1188042)
- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:
- Update translation strings
- Fix typo "verfication" instead of "verification"

spacewalk-certs-tools:
- Prepare the bootstrap script generator for Rocky Linux 8

spacewalk-client-tools:
- Update translation strings

spacewalk-java:
- Show AppStreams tab just for modular channels
- Fix Json null comparison in virtual network info parsing (bsc#1189167)
- Update translation strings
- 'AppStreams with defaults' filter template in CLM
- Add a link to OS image store dir in image list page
- Do not log XMLRPC fault exceptions as errors (bsc#1188853)
- XMLRPC: Add call for listing application monitoring endpoints
- AppStreams tab for modular channels
- Link to CLM filter creation from system details page
- Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)
- Fix NPE when no redhat info could be fetched
- Java enablement for Rocky Linux 8
- Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)
- Properly handle virtual networks without defined bridge (bsc#1189167)
- Mark SSH minion actions when they're picked up (bsc#1188505)
- Add UEFI support for VM creation / editing
- Add virt-tuner templates to VM creation
- Fix cleanup always being executed on delete system (bsc#1189011)
- Warning in Overview page for SLE Micro system (bsc#1188551)
- Add support for Kiwi options
- Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)
- Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory
- Fix entitlements not being updated during system transfer (bsc#1188032)
- Simplify the VM creation action in DB
- Get CPU data for AArch64
- Handle virtual machines running on pacemaker cluster
- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
- Add Beijing timezone to selectable timezones (bsc#1188193)
- Fix updating primary net interface on hardware refresh (bsc#1188400)
- Fix issues when removing archived actions using XMLRPC api (bsc#1181223)
- Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143)

spacewalk-setup:
- Enable logging for salt SSH
- Increase max size for uploaded files to Salt master

spacewalk-utils:
- Add Rocky Linux 8 repositories

spacewalk-web:
- Don't capitalize acronyms
- Update translation strings
- 'AppStreams with defaults' filter template in CLM
- Add a link to OS image store dir in image list page
- Link to CLM filter creation from system details page
- Expose UEFI parameters in the VM creation/editing pages
- Add virt-tuner templates to VM creation
- Fix cleanup always being executed on delete system (bsc#1189011)
- Add support for Kiwi options
- Fix virtualization guests to handle null HostInfo
- Compare lowercase CPU arch with libvirt domain capabilities
- Refresh JWT virtual console token before it expires
- Handle virtual machines running on pacemaker cluster

susemanager:
- Abort migration if data_directory is defined at the PostgreSQL configuration file
- Update translation strings
- Add bootstrap repository definitions for Rocky Linux 8

susemanager-build-keys:
- Add Debian 11
- Add Rocky Linux 8

susemanager-doc-indexes:
- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list
- Add information about pam service name limitations
- Add SUSE Linux Enterprise Micro to supported features table
- Add SUSE Linux Enterprise Micro client to support matrix page
- Replaced remaining occurrences of "Service Pack Migration" with "Product Migration"
- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide
- Added missing Rocky instructions to the Client Configuration Guide
- Updated setup section in the Installation Guide about troubleshooting freely available products
- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
- Additional information added for Inter Server Sync v2 on limitations and configuration
- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)
- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
- Corrected the package name for PAM authentication (bsc#1171483)
- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience
- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server
- Added a warning on Ansible hardware requirements to the Retail Guide
- Improved warning on over-writing images in public cloud in the Client Configuration Guide
- Reference Guide: removed underscores in page titles and nav bar links.
- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide
- Added note about autoinstallation kernel options and Azure clients
- Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription
- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server
- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-docs_en:
- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list
- Add information about pam service name limitations
- Add SUSE Linux Enterprise Micro to supported features table
- Add SUSE Linux Enterprise Micro client to support matrix page
- Replaced remaining occurrences of "Service Pack Migration" with "Product Migration"
- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide
- Added missing Rocky instructions to the Client Configuration Guide
- Updated setup section in the Installation Guide about troubleshooting freely available products
- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
- Additional information added for Inter Server Sync v2 on limitations and configuration
- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)
- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
- Corrected the package name for PAM authentication (bsc#1171483)
- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience
- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server
- Added a warning on Ansible hardware requirements to the Retail Guide
- Improved warning on over-writing images in public cloud in the Client Configuration Guide
- Reference Guide: removed underscores in page titles and nav bar links.
- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide
- Added note about autoinstallation kernel options and Azure clients
- Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription
- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server
- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-schema:
- Add Rocky Linux 8 key and vendor
- Fix wrongly assigned entitlements due to system transfer (bsc#1188032)
- Force a one-off VACUUM ANALYZE
- Add Kiwi commandline options to Kiwi profile
- Upgrade scripts idempotency fixes
- Simplify the VM creation action in DB
- Handle virtual machines running on pacemaker cluster
- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
- Add Beijing timezone to selectable timezones (bsc#1188193)

susemanager-sls:
- Add Rocky Linux 8 support
- Enable logrotate configuration for Salt SSH minion logs
- Add UEFI support for VM creation
- Add virt-tuner templates to VM creation
- Handle more ocsf2 setups in virt_utils module
- Add missing symlinks to generate the "certs" state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503)
- Add findutils to Kiwi bootstrap packages
- Remove systemid file on salt client cleanup
- Add support for Kiwi options
- Skip 'update-ca-certificates' run if the certs are updated automatically
- Use lscpu to provide more CPU grains for all architectures
- Fix deleting stopped virtual network (bsc#1186281)
- Handle virtual machines running on pacemaker cluster

susemanager-sync-data:
- Support Rocky Linux 8 x86_64
- Add channel family for MicroOS Z
- Set OES 2018 SP3 to released

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3170=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  inter-server-sync-0.0.5-8.3.2
  inter-server-sync-debuginfo-0.0.5-8.3.2
  susemanager-4.2.22-3.6.1
  susemanager-tools-4.2.22-3.6.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  branch-network-formula-0.1.1628156312.dbd0dec-3.3.1
  cobbler-3.1.2-5.8.1
  cpu-mitigations-formula-0.4.0-3.3.1
  openvpn-formula-0.1.2-3.3.1
  prometheus-exporters-formula-1.0.3-3.6.1
  py26-compat-salt-2016.11.10-11.28.6.1
  py27-compat-salt-3000.3-7.7.8.1
  python3-spacewalk-certs-tools-4.2.12-3.6.2
  python3-spacewalk-client-tools-4.2.13-4.6.3
  saltboot-formula-0.1.1628156312.dbd0dec-3.3.1
  spacecmd-4.2.12-4.6.2
  spacewalk-backend-4.2.16-4.6.3
  spacewalk-backend-app-4.2.16-4.6.3
  spacewalk-backend-applet-4.2.16-4.6.3
  spacewalk-backend-config-files-4.2.16-4.6.3
  spacewalk-backend-config-files-common-4.2.16-4.6.3
  spacewalk-backend-config-files-tool-4.2.16-4.6.3
  spacewalk-backend-iss-4.2.16-4.6.3
  spacewalk-backend-iss-export-4.2.16-4.6.3
  spacewalk-backend-package-push-server-4.2.16-4.6.3
  spacewalk-backend-server-4.2.16-4.6.3
  spacewalk-backend-sql-4.2.16-4.6.3
  spacewalk-backend-sql-postgresql-4.2.16-4.6.3
  spacewalk-backend-tools-4.2.16-4.6.3
  spacewalk-backend-xml-export-libs-4.2.16-4.6.3
  spacewalk-backend-xmlrpc-4.2.16-4.6.3
  spacewalk-base-4.2.21-3.6.3
  spacewalk-base-minimal-4.2.21-3.6.3
  spacewalk-base-minimal-config-4.2.21-3.6.3
  spacewalk-certs-tools-4.2.12-3.6.2
  spacewalk-client-tools-4.2.13-4.6.3
  spacewalk-html-4.2.21-3.6.3
  spacewalk-java-4.2.28-3.11.5
  spacewalk-java-config-4.2.28-3.11.5
  spacewalk-java-lib-4.2.28-3.11.5
  spacewalk-java-postgresql-4.2.28-3.11.5
  spacewalk-setup-4.2.8-3.6.1
  spacewalk-taskomatic-4.2.28-3.11.5
  spacewalk-utils-4.2.13-3.6.1
  spacewalk-utils-extras-4.2.13-3.6.1
  susemanager-build-keys-15.3.5-3.3.1
  susemanager-build-keys-web-15.3.5-3.3.1
  susemanager-doc-indexes-4.2-12.8.1
  susemanager-docs_en-4.2-12.8.1
  susemanager-docs_en-pdf-4.2-12.8.1
  susemanager-schema-4.2.17-3.6.2
  susemanager-sls-4.2.16-3.6.1
  susemanager-sync-data-4.2.8-3.6.1
  susemanager-web-libs-4.2.21-3.6.3
  uyuni-config-modules-4.2.16-3.6.1

References:

  https://www.suse.com/security/cve/CVE-2021-40323.html
  https://www.suse.com/security/cve/CVE-2021-40324.html
  https://www.suse.com/security/cve/CVE-2021-40325.html
  https://bugzilla.suse.com/1171483
  https://bugzilla.suse.com/1173143
  https://bugzilla.suse.com/1181223
  https://bugzilla.suse.com/1186281
  https://bugzilla.suse.com/1186339
  https://bugzilla.suse.com/1187335
  https://bugzilla.suse.com/1187549
  https://bugzilla.suse.com/1188032
  https://bugzilla.suse.com/1188042
  https://bugzilla.suse.com/1188136
  https://bugzilla.suse.com/1188163
  https://bugzilla.suse.com/1188193
  https://bugzilla.suse.com/1188260
  https://bugzilla.suse.com/1188393
  https://bugzilla.suse.com/1188400
  https://bugzilla.suse.com/1188503
  https://bugzilla.suse.com/1188505
  https://bugzilla.suse.com/1188551
  https://bugzilla.suse.com/1188641
  https://bugzilla.suse.com/1188647
  https://bugzilla.suse.com/1188656
  https://bugzilla.suse.com/1188853
  https://bugzilla.suse.com/1188855
  https://bugzilla.suse.com/1189011
  https://bugzilla.suse.com/1189040
  https://bugzilla.suse.com/1189167
  https://bugzilla.suse.com/1189419
  https://bugzilla.suse.com/1189458

Critical update resolves three security flaws in cobbler shipped with SUSE Manager Server 4.2 (CVE-2021-40323, CVE-2021-40324, CVE-2021-40325), enhancing overall system protection and functionality.

Severity: Critical. LinuxSecurity.com Team
It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4823-1
Two security issues were fixed in Nova.

=========================================================================
Ubuntu Security Notice USN-1771-1
March 20, 2013

nova vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

Two security issues were fixed in Nova.

Software Description:
- nova: OpenStack Compute cloud infrastructure

Details:

Loganathan Parthipan discovered that Nova did not properly validate VNC tokens after an instance was deleted. An authenticated attacker could exploit this to access other virtual machines under certain circumstances. This issue did not affect Ubuntu 11.10. (CVE-2013-0335)

Vish Ishaya discovered that Nova did not always enforce quotas on fixed IPs. An authenticated attacker could exploit this to cause a denial of service via resource consumption. Nova will now enforce a quota limit of 10 fixed IPs per instance, which is configurable via 'quota_fixed_ips' in /etc/nova/nova.conf. (CVE-2013-1838)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
  python-nova                     2012.2.1+stable-20121212-a99a802e-0ubuntu1.4

Ubuntu 12.04 LTS:
  python-nova                     2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4

Ubuntu 11.10:
  python-nova                     2011.3-0ubuntu6.13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1771-1
  CVE-2013-0335, CVE-2013-1838

Package Information:
  https://launchpad.net/ubuntu/+source/nova/2012.2.1+stable-20121212-a99a802e-0ubuntu1.4
  https://launchpad.net/ubuntu/+source/nova/2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4
  https://launchpad.net/ubuntu/+source/nova/2011.3-0ubuntu6.13

Security patches have been applied to address these OpenStack Nova vulnerabilities in Ubuntu 12.10, 12.04 LTS and 11.10 (the releases this notice covers), ensuring better system protection.

Severity: Critical. LinuxSecurity.com Team
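The first Nova issue above is a lifetime problem: a console token stayed usable after the instance it was minted for was deleted, so it could later reach whichever VM came to own the same console endpoint. The following added example shows the shape of the check that closes that gap. It is illustrative code, not Nova's consoleauth implementation or the USN patch, and the instance ids, host and port are constructed. A token is bound to an instance id as well as to a host:port; deleting the instance revokes its tokens, and validation additionally refuses any token whose instance no longer exists, so the revocation holds even if a token were somehow left behind. The clock is injectable so that expiry can be exercised without sleeping.

```python
"""Console-access tokens bound to an instance and revoked when it is deleted.

Illustration of the token-lifetime check discussed for CVE-2013-0335; this is
not Nova's code. Instance ids, hosts and ports are constructed sample values.
"""
import secrets
import time


class ConsoleTokenStore:
    """Maps short-lived console tokens to the instance and endpoint they authorize."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock                 # injectable so tests can drive expiry
        self._live_instances = set()        # instance ids that currently exist
        self._tokens = {}                   # token -> (instance_id, host, port, expires_at)

    def register_instance(self, instance_id):
        self._live_instances.add(instance_id)

    def issue(self, instance_id, host, port):
        """Mint a token for one instance's console; refuse for unknown or deleted instances."""
        if instance_id not in self._live_instances:
            raise KeyError(f"instance {instance_id!r} does not exist")
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
        self._tokens[token] = (instance_id, host, port, self._clock() + self._ttl)
        return token

    def delete_instance(self, instance_id):
        """Deleting an instance revokes every token that was bound to it."""
        self._live_instances.discard(instance_id)
        stale = [t for t, (iid, _h, _p, _e) in self._tokens.items() if iid == instance_id]
        for t in stale:
            del self._tokens[t]

    def validate(self, token):
        """Return (instance_id, host, port) if the token is still good, else None.

        A token is rejected if it is unknown, expired, or bound to an instance that
        no longer exists. The last check is what stops a token minted for a deleted
        VM from reaching whatever VM now listens on the same host:port.
        """
        entry = self._tokens.get(token)
        if entry is None:
            return None
        instance_id, host, port, expires_at = entry
        if self._clock() >= expires_at or instance_id not in self._live_instances:
            self._tokens.pop(token, None)   # drop dead tokens rather than keep them around
            return None
        return (instance_id, host, port)


def demo():
    """Issue a token, delete the VM, reuse its console port for a new VM, re-check the token."""
    now = [1000.0]
    store = ConsoleTokenStore(ttl_seconds=60, clock=lambda: now[0])
    store.register_instance("vm-a")
    token = store.issue("vm-a", "compute1.internal", 5900)
    before = store.validate(token)
    store.delete_instance("vm-a")
    store.register_instance("vm-b")           # new VM reuses the same console endpoint
    store.issue("vm-b", "compute1.internal", 5900)
    after = store.validate(token)             # the old token must not reach vm-b
    return before, after
```

`demo()` returns the validation result before and after the deletion: the first is the vm-a endpoint, the second is None, even though vm-b now answers on the same host and port that the stale token named.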