Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 32 articles for you...
89
security advisoryfedoracriticalFedora 41: podman-tui Critical Memory Leak Issue FEDORA-2025-b529f6bfed
podman-tui release 1.8.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b529f6bfed 2025-09-22 01:16:18.145093+00:00 -------------------------------------------------------------------------------- Name : podman-tui Product : Fedora 41 Version : 1.8.0 Release : 1.fc41 URL : https://github.com/containers/podman-tui Summary : Podman Terminal User Interface Description : podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. -------------------------------------------------------------------------------- Update Information: podman-tui release 1.8.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Sep 13 2025 Navid Yaghoobi - 1.8.0-1 - Release v1.8.0 * Fri Aug 15 2025 Maxwell G - 1.7.0-3 - Rebuild for golang-1.25.0 * Fri Jul 25 2025 Fedora Release Engineering - 1.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2391605 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks memory [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2391605 [ 2 ] Bug #2391613 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks memory [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2391613 [ 3 ] Bug #2391638 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks memory [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391638 [ 4 ] Bug #2391670 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks memory [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2391670 -------------------------------------------------------------------------------- This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2025-b529f6bfed' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 22, 2025
•Critical
Fedora
100
security advisorymoderate severityupdate instructionSUSE: 2025:20037-1 moderate: python-urllib3 Cross-Origin Issue
* bsc#1226469 Cross-References: * CVE-2024-37891 . # Security update for python-urllib3 Announcement ID: SUSE-SU-2025:20037-1 Release Date: 2025-02-03T08:53:14Z Rating: moderate References: * bsc#1226469 Cross-References: * CVE-2024-37891 CVSS scores: * CVE-2024-37891 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issues: * CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects (bsc#1226469) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-36=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * python311-urllib3-2.1.0-2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-37891.html * https://bugzilla.suse.com/show_bug.cgi?id=1226469 . A medium-impact security flaw in python-urllib3 has been resolved. Please ensure you update your SUSE Linux Micro to enhance protection.. SUSE Linux Micro, python-urllib3 security, security update SUSE, cross-origin vulnerability. . LinuxSecurity.com Team
Jun 04, 2025
SuSE
100
security advisorymoderatefixesSUSE Linux Micro: 2025:20018-1 moderate: kernel-firmware fixes
* bsc#1219458 * bsc#1222319 * bsc#1225600 * bsc#1225601 . # Security update for kernel-firmware Announcement ID: SUSE-SU-2025:20018-1 Release Date: 2025-02-03T08:48:39Z Rating: moderate References: * bsc#1219458 * bsc#1222319 * bsc#1225600 * bsc#1225601 Cross-References: * CVE-2023-38417 * CVE-2023-47210 CVSS scores: * CVE-2023-38417 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-47210 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities and has two fixes can now be installed. ## Description: This update for kernel-firmware fixes the following issues: Update to version 20240712: * amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics * qcom: add gpu firmwares for x1e80100 chipset (bsc#1219458) * linux-firmware: add firmware for qat_402xx devices * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update vega20 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VPE 6.1.1 firmware * amdgpu: update VCN4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update SDMA 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SMU 13.0.7 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update aldebaran firmware * linux-firmware: Update AMD cpu microcode * linux-firmware: Add ISH firmware file for Intel Lunar Lake platform * amdgpu: update DMCUB to v0.0.224.0 for Various AMDGPU Asics * cirrus: cs35l41: Update various firmware for ASUS laptops using CS35L41 * amdgpu: Update ISP FW for isp v4.1.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-20=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * kernel-firmware-mediatek-20240728-1.1 * kernel-firmware-mellanox-20240728-1.1 * kernel-firmware-atheros-20240728-1.1 * kernel-firmware-chelsio-20240728-1.1 * kernel-firmware-prestera-20240728-1.1 * kernel-firmware-brcm-20240728-1.1 * kernel-firmware-radeon-20240728-1.1 * kernel-firmware-sound-20240728-1.1 * kernel-firmware-i915-20240728-1.1 * kernel-firmware-platform-20240728-1.1 * kernel-firmware-nvidia-20240728-1.1 * kernel-firmware-iwlwifi-20240728-1.1 * kernel-firmware-ath11k-20240728-1.1 * kernel-firmware-ath10k-20240728-1.1 *kernel-firmware-liquidio-20240728-1.1 * kernel-firmware-ueagle-20240728-1.1 * kernel-firmware-marvell-20240728-1.1 * kernel-firmware-mwifiex-20240728-1.1 * kernel-firmware-intel-20240728-1.1 * kernel-firmware-nfp-20240728-1.1 * kernel-firmware-ath12k-20240728-1.1 * kernel-firmware-dpaa2-20240728-1.1 * kernel-firmware-realtek-20240728-1.1 * kernel-firmware-network-20240728-1.1 * ucode-amd-20240728-1.1 * kernel-firmware-qcom-20240728-1.1 * kernel-firmware-all-20240728-1.1 * kernel-firmware-bluetooth-20240728-1.1 * kernel-firmware-bnx2-20240728-1.1 * kernel-firmware-usb-network-20240728-1.1 * kernel-firmware-media-20240728-1.1 * kernel-firmware-ti-20240728-1.1 * kernel-firmware-amdgpu-20240728-1.1 * kernel-firmware-qlogic-20240728-1.1 * kernel-firmware-serial-20240728-1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38417.html * https://www.suse.com/security/cve/CVE-2023-47210.html * https://bugzilla.suse.com/show_bug.cgi?id=1219458 * https://bugzilla.suse.com/show_bug.cgi?id=1222319 * https://bugzilla.suse.com/show_bug.cgi?id=1225600 * https://bugzilla.suse.com/show_bug.cgi?id=1225601 . Patch release for kernel enhancements improving stability and security on SUSE Linux Micro systems. Ensure your systems remain secure!. kernel firmware, SUSE updates, security patches, firmware fixes, Linux security. . LinuxSecurity.com Team
Jun 04, 2025
SuSE
100
security advisorySUSE Linuxpath traversalSUSE: 2025:01695-1 important: Path Traversal in python-setuptools
* bsc#1243313 Cross-References: * CVE-2025-47273 . # Security update for python-setuptools Announcement ID: SUSE-SU-2025:01695-1 Release Date: 2025-05-23T12:50:56Z Rating: important References: * bsc#1243313 Cross-References: * CVE-2025-47273 CVSS scores: * CVE-2025-47273 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-47273 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-47273 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-setuptools fixes the following issues: * CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write(bsc#1243313). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2025-1695=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1695=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1695=1 ## Package List: * Public Cloud Module 12 (noarch) * python-setuptools-40.6.2-4.27.1 * python3-setuptools-40.6.2-4.27.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * python-setuptools-40.6.2-4.27.1 * python3-setuptools-40.6.2-4.27.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-setuptools-40.6.2-4.27.1 * python3-setuptools-40.6.2-4.27.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47273.html * https://bugzilla.suse.com/show_bug.cgi?id=1243313 . Significant security enhancement released for python-setuptools tackling severe path traversal vulnerabilities on SUSE platforms.. python setuptools update, SUSE updates, security announcement, path traversal security. . Severity: Important. LinuxSecurity.com Team
May 23, 2025
•Important
SuSE
172
security advisorydenial of serviceUbuntuUbuntu 25.04 Advisory USN-7482-1: OpenJDK 17 multiple threats fixed
Several security issues were fixed in OpenJDK 17.. ========================================================================== Ubuntu Security Notice USN-7482-1 May 06, 2025 openjdk-17 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenJDK 17. Software Description: - openjdk-17: Open Source Java implementation Details: Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 openjdk-17-jdk 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jdk-headless 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre-headless 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre-zero 17.0.15+6~us1-0ubuntu1~25.04 Ubuntu 24.10 openjdk-17-jdk 17.0.15+6~us1-0ubuntu1~24.10 openjdk-17-jdk-headless 17.0.15+6~us1-0ubuntu1~24.10 openjdk-17-jre 17.0.15+6~us1-0ubuntu1~24.10 openjdk-17-jre-headless 17.0.15+6~us1-0ubuntu1~24.10 openjdk-17-jre-zero 17.0.15+6~us1-0ubuntu1~24.10 Ubuntu 24.04 LTS openjdk-17-jdk 17.0.15+6~us1-0ubuntu1~24.04 openjdk-17-jdk-headless 17.0.15+6~us1-0ubuntu1~24.04 openjdk-17-jre 17.0.15+6~us1-0ubuntu1~24.04 openjdk-17-jre-headless 17.0.15+6~us1-0ubuntu1~24.04 openjdk-17-jre-zero 17.0.15+6~us1-0ubuntu1~24.04 Ubuntu 22.04 LTS openjdk-17-jdk 17.0.15+6~us1-0ubuntu1~22.04 openjdk-17-jdk-headless 17.0.15+6~us1-0ubuntu1~22.04 openjdk-17-jre 17.0.15+6~us1-0ubuntu1~22.04 openjdk-17-jre-headless 17.0.15+6~us1-0ubuntu1~22.04 openjdk-17-jre-zero 17.0.15+6~us1-0ubuntu1~22.04 Ubuntu 20.04 LTS openjdk-17-jdk 17.0.15+6~us1-0ubuntu1~20.04 openjdk-17-jdk-headless 17.0.15+6~us1-0ubuntu1~20.04 openjdk-17-jre 17.0.15+6~us1-0ubuntu1~20.04 openjdk-17-jre-headless 17.0.15+6~us1-0ubuntu1~20.04 openjdk-17-jre-zero 17.0.15+6~us1-0ubuntu1~20.04 Ubuntu 18.04 LTS openjdk-17-jdk 17.0.15+6~us1-0ubuntu1~18.04 Available with Ubuntu Pro openjdk-17-jdk-headless 17.0.15+6~us1-0ubuntu1~18.04 Available with Ubuntu Pro openjdk-17-jre 17.0.15+6~us1-0ubuntu1~18.04 Available with Ubuntu Pro openjdk-17-jre-headless 17.0.15+6~us1-0ubuntu1~18.04 Available with Ubuntu Pro openjdk-17-jre-zero 17.0.15+6~us1-0ubuntu1~18.04 Available with Ubuntu Pro This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7482-1 CVE-2025-21587, CVE-2025-30691, CVE-2025-30698 Package Information: https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~25.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~24.10 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~24.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~22.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~20.04 . Important patches deployed for OpenJDK 17 impacting various Ubuntu editions and addressing serious vulnerabilities.. OpenJDK 17 Security, Ubuntu Updates, Denial of Service Fixes, Information Disclosure Patches. . Severity: Critical. LinuxSecurity.com Team
May 06, 2025
•Critical
Ubuntu
172
security advisoryUbuntuservice denialUbuntu 24.10: USN-7427-1 critical: dotnet denial of service
.NET could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7427-1 April 08, 2025 dotnet8, dotnet9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: .NET could be made to crash or run programs if it received specially crafted network traffic. Software Description: - dotnet8: .NET CLI tools and runtime - dotnet9: .NET CLI tools and runtime Details: James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 aspnetcore-runtime-8.0 8.0.15-0ubuntu1~24.10.1 aspnetcore-runtime-9.0 9.0.4-0ubuntu1~24.10.1 dotnet-host-8.0 8.0.15-0ubuntu1~24.10.1 dotnet-host-9.0 9.0.4-0ubuntu1~24.10.1 dotnet-hostfxr-8.0 8.0.15-0ubuntu1~24.10.1 dotnet-hostfxr-9.0 9.0.4-0ubuntu1~24.10.1 dotnet-runtime-8.0 8.0.15-0ubuntu1~24.10.1 dotnet-runtime-9.0 9.0.4-0ubuntu1~24.10.1 dotnet-sdk-8.0 8.0.115-0ubuntu1~24.10.1 dotnet-sdk-9.0 9.0.105-0ubuntu1~24.10.1 dotnet-sdk-aot-9.0 9.0.105-0ubuntu1~24.10.1 dotnet8 8.0.115-8.0.15-0ubuntu1~24.10.1 dotnet9 9.0.105-9.0.4-0ubuntu1~24.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-8.0 8.0.15-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.15-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.15-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.15-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.115-0ubuntu1~24.04.1 dotnet8 8.0.115-8.0.15-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.15-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.15-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.15-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.15-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.115-0ubuntu1~22.04.1 dotnet8 8.0.115-8.0.15-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: CVE-2025-26682 Package Information: https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.10.1 https://launchpad.net/ubuntu/+source/dotnet9/9.0.105-9.0.4-0ubuntu1~24.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~22.04.1 . Ubuntu Security Notice USN-7428-1 outlines a vulnerability in Python that could permit unauthorized access via manipulated requests.. dotnet security, Ubuntu update, denial of service, network traffic, .NET issue. . Severity: Critical. LinuxSecurity.com Team
Apr 08, 2025
•Critical
Ubuntu
172
security advisorydenial of servicecode executionUbuntu 14.04 LTS: USN-7107-1 critical: zlib denial of service
zlib could be made to crash or run programs if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-7107-1 November 13, 2024 zlib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: zlib could be made to crash or run programs if it received specially crafted input. Software Description: - zlib: Lossless data-compression library Details: It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro lib32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro libx32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro zlib-bin 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro zlib1g-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7107-1 CVE-2023-45853 . Concerning the zlib vulnerability USN-7107-1 affecting Ubuntu systems: it’s crucial to implement updates to avert potential system failures as well as unauthorized code execution.. Ubuntu Security, zlib Advisory, Denial of Service, Code Execution, Software Update. . Severity: Critical. LinuxSecurity.com Team
Nov 13, 2024
•Critical
Ubuntu
172
security advisoryUbuntunetwork trafficUbuntu 24.04 LTS: USN-7031-1 critical: Puma header overwrite issue
Puma could be made to overwrite headers if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7031-1 September 24, 2024 puma vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Puma could be made to overwrite headers if it received specially crafted network traffic. Software Description: - puma: threaded HTTP 1.1 server for Ruby/Rack applications Details: It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS puma 6.4.2-4ubuntu4.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7031-1 CVE-2024-45614 Package Information: https://launchpad.net/ubuntu/+source/puma/6.4.2-4ubuntu4.3 . The persistent header replacement problem with Puma necessitates immediate patches for Ubuntu 24.04 LTS. Safeguard your system by installing the most recent updates.. Puma Security, Ubuntu Advisory, Network Vulnerability, Header Manipulation, Security Update. . Severity: Critical. LinuxSecurity.com Team
Sep 24, 2024
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!