Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Oracle Linux 10: ELSA-2025-23052 Tomcat9 Important RCE Issues

Oracle Linux Security Advisory ELSA-2025-23052

http://linux.oracle.com/errata/ELSA-2025-23052.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
tomcat9-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-admin-webapps-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-docs-webapp-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-el-3.0-api-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-lib-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-webapps-9.0.87-8.el10_1.1.noarch.rpm

aarch64:
tomcat9-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-admin-webapps-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-docs-webapp-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-el-3.0-api-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-lib-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-8.el10_1.1.noarch.rpm
tomcat9-webapps-9.0.87-8.el10_1.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/tomcat9-9.0.87-8.el10_1.1.src.rpm

Related CVEs:
CVE-2025-31651
CVE-2025-55752

Description of changes:

[1:9.0.87-8.1]
- Resolves: RHEL-124497 tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-91732 tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux 10 security advisory ELSA-2025-23052 details important Tomcat9 updates for potential RCE issues.

Keywords: Oracle Linux, Tomcat9, Important Advisory, RCE Issues, Security Updates.

Severity: Important.

LinuxSecurity.com Team

Dec 11, 2025 | Important | Oracle

Debian 11: Tomcat9 Critical DoS Issues Fixed DLA-4244-1

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4244-1
https://www.debian.org/lts/security/                      Markus Koschany
July 22, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tomcat9
Version        : 9.0.107-0+deb11u1
CVE ID         : CVE-2024-34750 CVE-2024-54677 CVE-2025-31650 CVE-2025-31651
                 CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-49125
                 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506

Several security vulnerabilities have been found in Tomcat 9, a Java web server and servlet engine. Most notably the update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service.

For Debian 11 bullseye, these problems have been fixed in version 9.0.107-0+deb11u1.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The Debian LTS advisory warns of critical security vulnerabilities in Tomcat 9, emphasizing resource leaks and denial of service risks that could affect applications.

Keywords: Tomcat 9 Security, Debian LTS Update, HTTP/2 Vulnerabilities, Resource Consumption Issue, Denial of Service Attack.

Severity: Critical.

LinuxSecurity.com Team

Jul 22, 2025 | Critical | Debian LTS

Oracle Linux 10: ELSA-2025-11332 Tomcat9 Important DoS and RCE

Oracle Linux Security Advisory ELSA-2025-11332

http://linux.oracle.com/errata/ELSA-2025-11332.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
tomcat9-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm

aarch64:
tomcat9-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm
tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/tomcat9-9.0.87-5.el10_0.1.src.rpm

Related CVEs:
CVE-2024-56337
CVE-2025-31650

Description of changes:

[1:9.0.87-5.1]
- Resolves: RHEL-91765 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71981 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Updates for Apache Tomcat 9 on Oracle Linux tackle significant security threats, such as RCE and DoS vulnerabilities. Take immediate action.

Keywords: Oracle Linux, tomcat9, Important Advisory, Security Updates.

Severity: Important.

LinuxSecurity.com Team

Jul 17, 2025 | Important | Oracle

Oracle Linux 10 ELSA-2025-8495 critical: apache2 remote exploit threat

Oracle Linux Security Advisory ELSA-2025-7494

http://linux.oracle.com/errata/ELSA-2025-7494.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
tomcat9-9.0.87-5.el10_0.noarch.rpm
tomcat9-admin-webapps-9.0.87-5.el10_0.noarch.rpm
tomcat9-docs-webapp-9.0.87-5.el10_0.noarch.rpm
tomcat9-el-3.0-api-9.0.87-5.el10_0.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-5.el10_0.noarch.rpm
tomcat9-lib-9.0.87-5.el10_0.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-5.el10_0.noarch.rpm
tomcat9-webapps-9.0.87-5.el10_0.noarch.rpm

aarch64:
tomcat9-9.0.87-5.el10_0.noarch.rpm
tomcat9-admin-webapps-9.0.87-5.el10_0.noarch.rpm
tomcat9-docs-webapp-9.0.87-5.el10_0.noarch.rpm
tomcat9-el-3.0-api-9.0.87-5.el10_0.noarch.rpm
tomcat9-jsp-2.3-api-9.0.87-5.el10_0.noarch.rpm
tomcat9-lib-9.0.87-5.el10_0.noarch.rpm
tomcat9-servlet-4.0-api-9.0.87-5.el10_0.noarch.rpm
tomcat9-webapps-9.0.87-5.el10_0.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/tomcat9-9.0.87-5.el10_0.src.rpm

Related CVEs:
CVE-2025-24813

Description of changes:

[1:9.0.87-5]
- Resolves: RHEL-82927 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux 10 security patch ELSA-2025-7494 offers an essential update for tomcat9, addressing vulnerabilities that could potentially lead to remote code execution.

Keywords: Oracle Linux, tomcat9, remote code execution, security advisory.

LinuxSecurity.com Team

Jul 01, 2025 | Oracle

Ubuntu 22.04 LTS: USN-7410-1 critical: Tomcat resource consumption DoS

==========================================================================
Ubuntu Security Notice USN-7410-1
April 07, 2025

tomcat9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Tomcat could be made to consume resources if it received specially crafted network traffic.

Software Description:
- tomcat9: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause tomcat9 to consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  tomcat9-common                  9.0.58-1ubuntu0.2

Ubuntu 20.04 LTS
  tomcat9-common                  9.0.31-1ubuntu0.9

Ubuntu 18.04 LTS
  tomcat9-common                  9.0.16-3ubuntu0.18.04.2+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7410-1
  CVE-2023-44487

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.58-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.9

Debian Security Notice DSN-2547-2 outlines a Nginx performance degradation problem resulting from manipulated incoming data.

Keywords: Tomcat, Ubuntu Security, Resource Management, Denial of Service, Network Handling.

Severity: Critical.

LinuxSecurity.com Team

Apr 07, 2025 | Critical | Ubuntu

Debian: DLA-3617-2 Critical: Tomcat9 HTTP2 Connection Issue Fix

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3617-2
https://www.debian.org/lts/security/                      Markus Koschany
October 17, 2023                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tomcat9
Version        : 9.0.31-1~deb10u10
CVE ID         : CVE-2023-44487

A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.

For Debian 10 buster, this problem has been fixed in version 9.0.31-1~deb10u10.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-3620-1 resolves a complication in postgresql impacting database interactions as a consequence of a patch oversight.

Keywords: Tomcat Update, Debian Security, Regression Fix.

Severity: Critical.

LinuxSecurity.com Team

Oct 16, 2023 | Critical | Debian LTS

Debian 10: DSA-5522-3 Critical: Tomcat9 HTTP2 Regression Attack Fix

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5522-3
https://www.debian.org/security/                          Markus Koschany
October 16, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat9
CVE ID         : CVE-2023-44487

A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.

For the oldstable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u9.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

The latest patch for Tomcat 9 resolves a premature closure issue affecting HTTP2 connections. It is advisable to perform an upgrade!

Keywords: Tomcat9 Update, Debian Security, HTTP2 Issue, Regression Fix.

Severity: Critical.

LinuxSecurity.com Team

Oct 16, 2023 | Critical | Debian

Debian 10: DSA-5522-2 Critical: Tomcat9 Rapid Reset Attack Regression Fix

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5522-2
https://www.debian.org/security/                          Markus Koschany
October 12, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat9
CVE ID         : CVE-2023-44487
Debian Bug     : 1053820

The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.

For the oldstable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u8.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian Security Advisory DSA-5523-1 pertains to vulnerabilities discovered in nginx that allow for potential remote code execution and highlights the critical updates required.

Keywords: Debian Security Advisory, Tomcat9 Update, Rapid Reset Attack, Asynchronous IO, Regression Fix.

Severity: Critical.

LinuxSecurity.com Team

Oct 12, 2023 | Critical | Debian