Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 149 articles for you...
89

Fedora 42: toolbox Security Updates for CVE-2025-23266 CVE-2025-23267

Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e41c694c83 2025-08-11 17:03:33.367585+00:00 -------------------------------------------------------------------------------- Name : toolbox Product : Fedora 42 Version : 0.2 Release : 1.fc42 URL : https://containertoolbx.org/ Summary : Tool for interactive command line environments on Linux Description : Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.. -------------------------------------------------------------------------------- Update Information: Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to 1.17.8 for CVE-2025-23266 and CVE-2025-23267 Bug fixes Improved error handling when creating symbolic links inside the container to initialize it Preserved environment variables set by a KDE session and Konsole Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2) Unbroke overriding the HOME variable (regression in 0.0.90) Dependencies Bumped the minimum Go version to1.22 -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 9 2025 Debarshi Ray - 0.2-1 - Update to 0.2 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375632 - toolbox: mapstructure May Leak Sensitive Information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375632 [ 2 ] Bug #2382220 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2382220 [ 3 ] Bug #2387403 - toolbox-0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2387403 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e41c694c83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The recent Fedora 42 toolbox update addresses security issues related to Go andvulnerabilities in the NVIDIA toolkit.. Fedora toolbox security updates, privilege escalation CVE-2025-23266, CVE-2025-23267, Linux toolbox improvements. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 11, 2025 Important Fedora
100

SUSE Container Toolbox 5.5: SUSE-CU-2024:152-1 low: tar handling issue

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:152-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.133 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.133 Severity : low Type : security References : 1217969 CVE-2023-39804 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). The following package changes have been done: - tar-1.34-150000.3.34.1 updated - container:sles15-image-15.0.0-36.5.71 updated . SUSE Container Security Bulletin for suse/sle-micro/5.5/toolkit resolves several low-level vulnerabilities via a tar compression update.. SUSE Container Update, Tar Patch, Toolbox Security, Low Severity Update. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jan 11, 2024 Low SuSE
100

UBUNTU: 2024:152-2 Low: Critical Fix for Container and Archive Utility

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:151-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.349 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.349 Severity : low Type : security References : 1217969 CVE-2023-39804 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). The following package changes have been done: - tar-1.34-150000.3.34.1 updated . SUSE Container Update for suse/sle-micro/5.3/toolbox addresses security issues identified in the latest patch releases.. SUSE Security Update, Container Patch, Tar Security Fix, SUSE Toolbox Update. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jan 10, 2024 Low SuSE
100

SUSE: 2023:4320-1 important: critical security patch for toolbox

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4310-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.339 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.339 Severity : important Type : security References : 1201384 1216987 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-17.20.229 updated . The latest Container Update Announcement from SUSE for suse/sle-micro/5.2 toolbox introduces essential security updates that address significant vulnerabilities.. SUSEContainer Update, Toolbox Security Update, Security Patches, CVE-2023-50495. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 25, 2023 Important SuSE
100

SUSE: 2023:4187-1 moderate: GPG2 and Curl Fixes in Toolbox

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4187-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.512 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.512 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated -libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.226 updated . SUSE Container Release: suse/sle-micro/5.1/toolbox introduces crucial security patches and improvements across multiple software components.. SUSE Container Update, Curl Fixes, GPG2 Update, SLE Micro Toolbox. . LinuxSecurity.com Team

Calendar%202 Dec 18, 2023 SuSE
100

SUSE Micro 5.2 Toolbox: Updates for Curl and Other Packages

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4126-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.333 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.333 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated -libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.225 updated . SUSE Container Update Notification: suse/sle-micro/5.2/toolbox features enhancements and remedial measures for multiple elements.. SUSE Container Security, Toolbox Update, Curl Fixes. . LinuxSecurity.com Team

Calendar%202 Dec 13, 2023 SuSE
100

SUSE: 2023:5123-1 important: system package vulnerability patch

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4097-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.117 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.117 Severity : moderate Type : security References : 1216862 1217212 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1updated - libcurl4-8.0.1-150400.5.36.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.63 updated . Important notice on critical security vulnerabilities in SUSE Container image suse/sle-micro/5.5. Review and update your deployments promptly for security. SUSE Container Update, security patches, CURL Fix, Toolbox SLE Micro. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 13, 2023 Important SuSE
100

SUSE Toolbox 5.3 Update: curl fixes and security patches

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4041-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.270 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.270 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - groff-1.22.4-150400.5.2.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libpipeline1-1.4.1-150000.3.2.1 updated - man-2.7.6-150100.8.5.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-man-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-27.14.125 updated . SUSE ContainerEnhancement Alert regarding toolbox involves essential security patches and rectifications for curl security loopholes.. SUSE Container Update,Curl Fix,Toolbox Security,SUSE Advisory,Moderate Severity. . LinuxSecurity.com Team

Calendar%202 Dec 08, 2023 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200