Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 23 articles for you...
89
security advisorydenial of servicefedoraFedora 42 dotnet10.0 Denial of Service Vulnern 2026-48e73ed6b8
This is the March 2026 release of .NET 10. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/10.0/10.0.4/10.0.104.md Runtime: https://github.com/dotnet/core/blob/main/release-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-48e73ed6b8 2026-03-28 01:05:58.419822+00:00 -------------------------------------------------------------------------------- Name : dotnet10.0 Product : Fedora 42 Version : 10.0.104 Release : 1.fc42 URL : https://github.com/dotnet/ Summary : .NET 10.0 Runtime and SDK Description : .NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. -------------------------------------------------------------------------------- Update Information: This is the March 2026 release of .NET 10. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/10.0/10.0.4/10.0.104.md Runtime: https://github.com/dotnet/core/blob/main/release- notes/10.0/10.0.4/10.0.4.md -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 11 2026 Omair Majid - 10.0.104-1 - Update to .NET SDK 10.0.104 and Runtime 10.0.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2446423 - CVE-2026-26130 dotnet10.0: ASP.NET Core: Denial of Service via uncontrolled resource allocation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2446423 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2026-48e73ed6b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 28, 2026
•Important
Fedora
89
security advisoryfedoraupdate advisoryFedora 43 rust-crypto-auditing Type Confusion CVE-2026-25537 DoS Advisory
Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f400579a21 2026-02-10 01:31:32.937525+00:00 -------------------------------------------------------------------------------- Name : rust-crypto-auditing-event-broker Product : Fedora 43 Version : 0.2.4 Release : 2.fc43 URL : https://crates.io/crates/crypto-auditing-event-broker Summary : Event broker for crypto-auditing project Description : Event broker for crypto-auditing project. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 0.2.4-2 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437470 [ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437472 [ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438104 [ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438135 [ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438138 [ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438149 [ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438158 [ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438164 [ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438165 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 10, 2026
•Important
Fedora
89
security advisoryfedoracode executionFedora 42: python-socketio Critical RCE Fix FEDORA-2025-96c38634c7
Release 5.14.1 - 2025-10-02 Restore support for rediss:// URLs, and add support for valkeys:// as well Add support for Redis connections using unix sockets Release 5.14.0 - 2025-09-30 Replace pickle with json in message queue communications. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-96c38634c7 2025-10-11 00:56:43.169085+00:00 -------------------------------------------------------------------------------- Name : python-socketio Product : Fedora 42 Version : 5.14.1 Release : 1.fc42 URL : https://github.com/miguelgrinberg/python-socketio Summary : Socket.IO server Description : Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients (typically, though not always, web browsers) and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python implementations of both, each with standard and asyncio variants. -------------------------------------------------------------------------------- Update Information: Release 5.14.1 - 2025-10-02 Restore support for rediss:// URLs, and add support for valkeys:// as well Add support for Redis connections using unix sockets Release 5.14.0 - 2025-09-30 Replace pickle with json in message queue communications Add support for Valkey in the Redis client managers Keep track of which namespaces failed to connect Fixed transport property of the simple clients to be a string as documented SimpleClient.call does not raise TimeoutError on timeout Wait for client to end background tasks on disconnect Better error logging for the Redis managers Channel was not properly initialized in several pubsub client managers Add message queue deployment recommendations for security Add missing async on session examples for the async server Add SPDX licenseidentifier -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 2 2025 Packit - 5.14.1-1 - Update to 5.14.1 upstream release - Resolves: rhbz#2401144 * Tue Sep 30 2025 Packit - 5.14.0-1 - Update to 5.14.0 upstream release - Resolves: rhbz#2400545 * Fri Sep 19 2025 Python Maint - 5.13.0-7 - Rebuilt for Python 3.14.0rc3 bytecode * Fri Aug 15 2025 Python Maint - 5.13.0-6 - Rebuilt for Python 3.14.0rc2 bytecode * Fri Jul 25 2025 Fedora Release Engineering - 5.13.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Fri Jun 27 2025 Benjamin A. Beasley - 5.13.0-4 - Re-enable uvicorn test dependency * Thu Jun 12 2025 Benjamin A. Beasley - 5.13.0-3 - Omit tests that need uvicorn on Python 3.14 for now - Fixes RHBZ#2372142 * Thu May 8 2025 Benjamin A. Beasley - 5.13.0-2 - F41+: Use the provisional pyproject declarative buildsystem -------------------------------------------------------------------------------- References: [ 1 ] Bug #2401144 - python-socketio-5.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2401144 [ 2 ] Bug #2401937 - CVE-2025-61765 python-socketio: python-socketio code execution (RCE) via pickle deserialization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2401937 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-96c38634c7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announcemailing list --
Oct 11, 2025
•Critical
Fedora
89
security advisoryfedorasoftware patchFedora 42: python-nh3 Security Update RUSTSEC-2025-0071
Update the ammonia crate to version 4.0.1 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-7ec84ba6e9 2025-10-01 14:43:51.750497+00:00 -------------------------------------------------------------------------------- Name : python-nh3 Product : Fedora 42 Version : 0.2.21 Release : 2.fc42 URL : https://github.com/messense/nh3 Summary : Python binding to Ammonia HTML sanitizer Rust crate Description : Python binding to Ammonia HTML sanitizer Rust crate. -------------------------------------------------------------------------------- Update Information: Update the ammonia crate to version 4.0.1 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 22 2025 Fabio Valentini - 0.2.21-2 - Rebuild with ammonia 4.0.1 for RUSTSEC-2025-0071 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7ec84ba6e9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Oct 01, 2025
•Important
Fedora
100
security advisorysusepath traversalSUSE: 2024:395-2 Important: suse/mysql Directory Traversal Update
The container suse/postgres was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:394-1 Container Tags : suse/postgres:16 , suse/postgres:16-5.9 , suse/postgres:16.1 , suse/postgres:16.1-5.9 , suse/postgres:latest Container Release : 5.9 Severity : moderate Type : security References : 1218571 CVE-2023-7207 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). The following package changes have been done: - libuuid1-2.37.4-150500.9.3.1 updated - libsmartcols1-2.37.4-150500.9.3.1 updated - libblkid1-2.37.4-150500.9.3.1 updated - libfdisk1-2.37.4-150500.9.3.1 updated - cpio-2.13-150400.3.3.1 updated - libmount1-2.37.4-150500.9.3.1 updated - util-linux-2.37.4-150500.9.3.1 updated - container:sles15-image-15.0.0-36.5.77 updated . SUSE Container Update Advisory provides information regarding the suse/postgres image, addressing security vulnerability CVE-2023-7207, classified with a moderate severity level.. SUSE Container Update, suse/postgres, security patch, path traversal, update advisory. . LinuxSecurity.com Team
Jan 28, 2024
SuSE
89
security advisoryfedoracriticalFedora 37 Suricata: FEDORA-2023-4e2fe2ebac Critical Security Fix
This is a security release, fixing a number of important issues.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-4e2fe2ebac 2023-11-04 03:45:00.543275 -------------------------------------------------------------------------------- Name : suricata Product : Fedora 37 Version : 6.0.15 Release : 1.fc37 URL : Summary : Intrusion Detection System Description : The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP Matching, and GeoIP identification. -------------------------------------------------------------------------------- Update Information: This is a security release, fixing a number of important issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 24 2023 Steve Grubb 6.0.15-1 - New security and bugfix release * Tue Sep 19 2023 Steve Grubb 6.0.14-1 - New security and bugfix release * Sat Jul 22 2023 Fedora Release Engineering - 6.0.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-4e2fe2ebac' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 04, 2023
•Critical
Fedora
89
security advisorybuffer overflowFedoraFedora 38 Update Advisory: Netconsole Daemon Critical Buffer Overrun
Update to prevent invalid fragment values from leading to a buffer overrun. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-2c9ef9e004 2023-09-07 01:27:49.830091 -------------------------------------------------------------------------------- Name : netconsd Product : Fedora 38 Version : 0.3 Release : 1.fc38 URL : Summary : The Netconsole Daemon Description : This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop them: in order to make the daemon useful, the user must supply one or more "output modules". These modules are shared object files which expose a small ABI that is called by netconsd with the content and metadata for netconsole messages it receives. -------------------------------------------------------------------------------- Update Information: Update to prevent invalid fragment values from leading to a buffer overrun -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 6 2023 Michel Lind - 0.3-1 - Update to 0.3 - Prevent invalid fragment values from leading to a buffer overrun - Use SPDX license identifier * Thu Jul 20 2023 Fedora Release Engineering - 0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-2c9ef9e004' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Sep 07, 2023
•Critical
Fedora
100
security advisorymoderatesecurity updateSUSE: 2023:2224-1 High: Bci/Dotnet Runtime Security Update
The container bci/dotnet-runtime was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2223-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-8.5 , bci/dotnet-runtime:6.0.19 , bci/dotnet-runtime:6.0.19-8.5 Container Release : 8.5 Severity : moderate Type : security References : 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). The following package changes have been done: - libcap2-2.63-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.10 updated . SUSE Container Update Notification for bci/dotnet-runtime includes critical fixes addressing vulnerabilities of moderate intensity.. bci/dotnet-runtime security, SUSE container update, libcap security patches. . LinuxSecurity.com Team
Jul 05, 2023
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!