Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Security Notice 2026-2328-1 Significant Updates on Four Xen Risks

Calendar White Jun 10, 2026
Important
Suse Large Esm H900
SuSE

openSUSE 2026-2328-1 Xen Important Buffer Overflow Patch

Calendar White Jun 10, 2026
Important
Opensuse Large Esm H900
openSUSE

openSUSE Leap 15.6 Important Xen Denial of Service Fix SUSE-SU-2026-2329-1

Calendar White Jun 10, 2026
Important
Suse Large Esm H800
SuSE

openSUSE Important xen Patch for Multiple Threats SUSE-2026-2329-1

Calendar White Jun 10, 2026
Important
Suse Large Esm H900
SuSE

SUSE MariaDB Critical Security Fix 12 Vulnerabilities 2026-2330-1

Calendar White Jun 10, 2026
Critical
Ubuntu Large Esm H900
Ubuntu

Ubuntu 22.04 LTS Exim4 Moderate Regression CVE-2023-42117

Calendar White Jun 10, 2026
Important
Suse Large Esm H800
SuSE

SUSE StrongSwan Important Double-Free CVE-2026-47895 Advisory 2026-2312-1

Calendar White Jun 10, 2026
Important
Suse Large Esm H900
SuSE

SUSE vim Important Command Injection Buffer Overflow Update 2026-2313-1

Calendar White Jun 10, 2026
Important
Suse Large Esm H900
SuSE

openSUSE Important libsoup HTTP Request Smuggling Vulnerability 2026-2314-1

Calendar White Jun 10, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":552,"type":"x","order":1,"pct":78.63,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.27,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.84,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
217
Ls Advisories Oracle Esm H240
Price Tag 1security advisorysecurity issuemoderate severity

Oracle Linux 8 ELSA-2025-4791 moderate: Python security fixes

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-4791 http://linux.oracle.com/errata/ELSA-2025-4791.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: python39-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-devel-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm python39-idle-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm python39-idna-2.10-4.module+el8.10.0+90341+71ca88f4.noarch.rpm python39-libs-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-mod_wsgi-4.7.1-7.module+el8.10.0+90570+e9e3ed00.1.x86_64.rpm python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-psycopg2-doc-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-psycopg2-tests-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-rpm-macros-3.9.20-1.module+el8.10.0+90419+54594e05.noarch.rpm python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm python39-setuptools-wheel-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-test-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm python39-tkinter-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm aarch64: python39-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-devel-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm python39-idle-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm python39-idna-2.10-4.module+el8.10.0+90341+71ca88f4.noarch.rpm python39-libs-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-mod_wsgi-4.7.1-7.module+el8.10.0+90570+e9e3ed00.1.aarch64.rpm python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-psycopg2-doc-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-psycopg2-tests-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-rpm-macros-3.9.20-1.module+el8.10.0+90419+54594e05.noarch.rpm python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm python39-setuptools-wheel-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-test-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm python39-tkinter-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//mod_wsgi-4.7.1-7.module+el8.10.0+90570+e9e3ed00.1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python39-3.9.20-1.module+el8.10.0+90419+54594e05.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python3x-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python3x-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python3x-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-idna-2.10-4.module+el8.10.0+90341+71ca88f4.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-ply-3.11-10.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//python-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//PyYAML-5.4.1-1.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.src.rpm Related CVEs: CVE-2022-2255 Description of changes: mod_wsgi [4.7.1-7.1] - Resolves: RHEL-87514 - CVE-2022-2255 python39:3.9/mod_wsgi: Trusted Proxy Headers Removing Bypass numpy python39 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography python-idna python-lxml python-ply python-psutil python-psycopg2 python-pycparser python-PyMySQL python-pysocks python-requests python-toml python-urllib3 python-wheel PyYAML scipy _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 security bulletin ELSA-2025-4792 outlines important updates for PHP components correcting vulnerabilities.. Oracle Linux, python update, security advisory, moderate severity, trusted proxy. . LinuxSecurity.com Team

Calendar 2 May 13, 2025 Oracle
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateupdate

SUSE: 2023:2345-2 Important: Security Update for Nginx Modules

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4488-1 Rating: moderate References: #1201634 Cross-References: CVE-2022-2255 CVSS scores: CVE-2022-2255 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2255 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAPApplications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4488=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4488=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4488=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4488=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4488=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4488=1 - SUSELinux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-4488=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4488=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4488=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4488=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2(aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 References: https://www.suse.com/security/cve/CVE-2022-2255.html https://bugzilla.suse.com/1201634 . Fedora Security Patch for nginx fixes critical vulnerability in SSL/TLS configurations. Apply updates immediately!. apache2-mod_wsgi,SUSE Enterprise,security update,trusted proxy. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Dec 14, 2022 Important SuSE
Banner 1 1028x280 1708121660 1771599717
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoraupdate information

Fedora 28: FEDORA-2018-732f45d43e moderate: php-symfony4 HTTP Header Risks

## 4.0.14 (2018-08-01) * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas) * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas) * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-732f45d43e 2018-08-14 21:06:35.949639 --------------------------------------------------------------------------------Name : php-symfony4 Product : Fedora 28 Version : 4.0.14 Release : 1.fc28 URL : https://symfony.com/ Summary : Symfony PHP framework (version 4) Description : Symfony PHP framework (version 4). NOTE: Does not require PHPUnit bridge. --------------------------------------------------------------------------------Update Information: ## 4.0.14 (2018-08-01) * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas) * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas) * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul) * bug #28007 [FrameworkBundle] fixed guard event names for transitions (destillat) * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL) * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor) * bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (nicolas-grekas) ## 4.0.13 (2018-07-23) * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto) * bug #27997 Serbo-Croatian has Serbian plural rule (kylekatarnls) * bug #26193 Fix false-positive deprecation notices for TranslationLoader and WriteCheckSessionHandler (iquito) * bug #27941[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2 (jmsche) * bug #27937 [HttpFoundation] reset callback on StreamedResponse when setNotModified() is called (rubencm) * bug #27927 [HttpFoundation] Suppress side effects in 'get' and 'has' methods of NamespacedAttributeBag (webnet-fr) * bug #27923 [Form/Profiler] Massively reducing memory footprint of form profiling pages... (VincentChalnot) * bug #27918 [Console] correctly return parameter's default value on "--" (seschwar) * bug #27904 [Filesystem] fix lock file permissions (fritzmg) * bug #27903 [Lock] fix lock file permissions (fritzmg) * bug #27889 [Form] Replace .initialism with .text-uppercase. (vudaltsov) * bug #27902 Fix the detection of the Process new argument (stof) * bug #27885 [HttpFoundation] don't encode cookie name for BC (nicolas-grekas) * bug #27782 [DI] Fix dumping ignore-on-uninitialized references to synthetic services (nicolas-grekas) * bug #27435 [OptionResolver] resolve arrays (Doctrs) * bug #27728 [TwigBridge] Fix missing path and separators in loader paths list on debug:twig output (yceruto) * bug #27837 [PropertyInfo] Fix dock block lookup fallback loop (DerManoMann) * bug #27758 [WebProfilerBundle] Prevent toolbar links color override by css (alcalyn) * bug #27847 [Security] Fix accepting null as $uidKey in LdapUserProvider (louhde) * bug #27834 [DI] Don't show internal service id on binding errors (nicolas-grekas) * bug #27831 Check for Hyper terminal on all operating systems. (azjezz) * bug #27794 Add color support for Hyper terminal . (azjezz) * bug #27809 [HttpFoundation] Fix tests: new message for status 425 (dunglas) * bug #27618 [PropertyInfo] added handling of nullable types in PhpDoc (oxan) * bug #27659 [HttpKernel] Make AbstractTestSessionListener compatible with CookieClearingLogoutHandler (thewilkybarkid) * bug #27752 [Cache] provider does not respect option maxIdLength with versioning enabled (Constantine Shtompel) * bug #27776 [ProxyManagerBridge] Fixsupport of private services (bis) (nicolas-grekas) * bug #27714 [HttpFoundation] fix session tracking counter (nicolas-grekas, dmaicher) * bug #27747 [HttpFoundation] fix registration of session proxies (nicolas-grekas) * bug #27722 Redesign the Debug error page in prod (javiereguiluz) * bug #27716 [DI] fix dumping deprecated service in yaml (nicolas-grekas) ## 4.0.12 (2018-06-25) * bug #27626 [TwigBundle][DX] Only add the Twig WebLinkExtension if the WebLink component is enabled (thewilkybarkid) * bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas) * bug #27690 [DI] Resolve env placeholder in logs (ro0NL) * bug #26534 allow_extra_attributes does not throw an exception as documented (deviantintegral) * bug #27668 [Lock] use 'r+' for fopen (fixes issue on Solaris) (fritzmg) * bug #27669 [Filesystem] fix file lock on SunOS (fritzmg) * bug #27662 [HttpKernel] fix handling of nested Error instances (xabbuh) * bug #26845 [Config] Fixing GlobResource when inside phar archive (vworldat) * bug #27382 [Form] Fix error when rendering a DateIntervalType form with exactly 0 weeks (krixon) * bug #27309 Fix surrogate not using original request (Toflar) * bug #27467 [HttpKernel] fix session tracking in surrogate master requests (nicolas-grekas) * bug #27630 [Validator][Form] Remove BOM in some xlf files (gautierderuette) * bug #27596 [Framework][Workflow] Added support for interfaces (vudaltsov) * bug #27593 [ProxyManagerBridge] Fixed support of private services (nicolas-grekas) * bug #27591 [VarDumper] Fix dumping ArrayObject and ArrayIterator instances (nicolas-grekas) * bug #27581 Fix bad method call with guard authentication + session migration (weaverryan) * bug #27576 [Cache] Fix expiry comparisons in array-based pools (nicolas-grekas) * bug #27556 Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener (weaverryan) * bug #27452 Avoid migration on stateless firewalls (weaverryan) * bug#27568 [DI] Deduplicate generated proxy classes (nicolas-grekas) * bug #27326 [Serializer] deserialize from xml: Fix a collection that contains the only one element (webnet-fr) * bug #27567 [PhpUnitBridge] Fix error on some Windows OS (Nsbx) * bug #27357 [Lock] Remove released semaphore (jderusse) * bug #27416 TagAwareAdapter over non-binary memcached connections corrupts memcache (Aleksey Prilipko) * bug #27514 [Debug] Pass previous exception to FatalErrorException (pmontoya) * bug #27516 Revert "bug #26138 [HttpKernel] Catch HttpExceptions when templating is not installed (cilefen)" (nicolas-grekas) * bug #27318 [Cache] memcache connect should not add duplicate entries on sequential calls (Aleksey Prilipko) * bug #27389 [Serializer] Fix serializer tries to denormalize null values on nullable properties (ogizanagi) * bug #27272 [FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING (upyx) * bug #27396 [HttpKernel] fix registering IDE links (nicolas-grekas) * bug #26973 [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer. (kmadejski) * bug #27303 [Process] Consider "executable" suffixes first on Windows (sanmai) * bug #27297 Triggering RememberMe's loginFail() when token cannot be created (weaverryan) * bug #27344 [HttpKernel] reset kernel start time on reboot (kiler129) * bug #27365 [Serializer] Check the value of enable_max_depth if defined (dunglas) * bug #27358 [PhpUnitBridge] silence some stderr outputs (ostrolucky) * bug #27366 [DI] never inline lazy services (nicolas-grekas) --------------------------------------------------------------------------------ChangeLog: * Thu Aug 2 2018 Shawn Iwinski - 4.0.14-1 - Update to 4.0.14 (CVE-2018-14773 / CVE-2018-14774) - Add conflict php-composer(phpdocumentor/type-resolver) < 0.3.0 * Fri Jul 13 2018 Fedora Release Engineering - 4.0.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon May 28 2018 Remi Collet - 4.0.11-1 - update to4.0.11 * Thu May 24 2018 Remi Collet - 4.0.10-1 - update to 4.0.10 - ignore new dependency on symfony/polyfill-ctype * Fri May 4 2018 Remi Collet - 4.0.9-1 - update to 4.0.9 --------------------------------------------------------------------------------References: [ 1 ] Bug #1611906 - CVE-2018-14773 php-symfony: Legacy HTTP headers allow users to modify URLs and bypass restrictions https://bugzilla.redhat.com/show_bug.cgi?id=1611906 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-732f45d43e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/HQM36TIXT3OCRJQVSXONXFQ4SBIQDYCQ/ . A vital security update for Fedora 28 addresses vulnerabilities in php-symfony4. Users are encouraged to update promptly to enhance header management and security.. Fedora Security Update, php-symfony4 Advisory, Header Management Fix. . LinuxSecurity.com Team

Calendar 2 Aug 14, 2018 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":552,"type":"x","order":1,"pct":78.63,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.27,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.84,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here