MGASA-2026-0062 - Updated vim packages fix security vulnerabilities

Publication date: 24 Mar 2026
URL: https://advisories.mageia.org/MGASA-2026-0062.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-33412

Description:
Command injection via newline in glob() affects Vim < 9.2.0202. (CVE-2026-33412)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35239
- https://www.openwall.com/lists/oss-security/2026/03/19/10
- https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
- https://www.cve.org/CVERecord?id=CVE-2026-33412

SRPMS:
- 9/core/vim-9.2.209-1.mga9

Updated vim packages in Mageia address critical command injection issues affecting versions below 9.2.0202.

Keywords: vim security, Mageia update, command injection threat, package vulnerability, security advisories.
Severity: Critical
LinuxSecurity.com Team

Oracle Linux Security Advisory ELSA-2025-20609

http://linux.oracle.com/errata/ELSA-2025-20609.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-312.187.5.3.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-312.187.5.3.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-312.187.5.3.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.3.el9uek.src.rpm

Related CVEs:
CVE-2025-38264
CVE-2025-38494
CVE-2025-38495
CVE-2025-38499
CVE-2025-38618

Description of changes:

[5.15.0-312.187.5.3.el9uek]
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38454666] {CVE-2025-38494}
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38454665] {CVE-2025-38618}
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38454664] {CVE-2025-38499}
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38454662] {CVE-2025-38495}
- nvme-tcp: sanitize request list handling (Hannes Reinecke) [Orabug: 38454661] {CVE-2025-38264}
- llist: add interface to check if a node is on a list. (NeilBrown) [Orabug: 38454661]

Package : apache-log4j1.2
Version : 1.2.17-5+deb8u1
CVE ID : CVE-2019-17571
Debian Bug : 947124

Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.

For Debian 8 "Jessie", this problem has been fixed in version 1.2.17-5+deb8u1.

We recommend that you upgrade your apache-log4j1.2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Enhance apache-log4j1.2 version to mitigate remote execution vulnerability referenced in CVE-2019-17571 within Debian LTS.

Keywords: apache-log4j1.2, security update, Debian, remote execution, deserialization.
Severity: Critical
LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 6.5 TUS Retirement Notice
Advisory ID: RHSA-2017:3376-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3376
Issue date: 2017-12-04
====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat Enterprise Linux 6.5 Telecommunications Update Support (TUS). This notification applies only to those customers subscribed to the Telecommunications Update Support (TUS) channel for Red Hat Enterprise Linux 6.5.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.5 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.5 TUS after November 30, 2017. In addition, on-going technical support through Red Hat's Customer Experience and Engagement will be limited as described under "non-current minor releases" in the Knowledge Base article located here https://access.redhat.com/articles/64664 after this date.

We encourage customers to migrate from Red Hat Enterprise Linux 6.5 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
redhat-release-server-6Server-6.5.0.3.el6_5.4.src.rpm

x86_64:
redhat-release-server-6Server-6.5.0.3.el6_5.4.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source:
redhat-release-server-6Server-6.5.0.3.el6_5.4.src.rpm

x86_64:
redhat-release-server-6Server-6.5.0.3.el6_5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

6. References:

https://access.redhat.com/security/updates/classification/#low

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

Date: Fri, 2 Jun 2006 16:41:22 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: ERRATA for "quagga" on SL 40,41,42,43 i386,x86_64 now available
Comments: To: scientific

The ERRATA for SL 40,41,42,43 i386,x86_64 are now available from:

Synopsis: Updated quagga packages that fix several security vulnerabilities are now available
Severity: moderate
Issued on: 2006-06-01
CVEs: CVE-2006-2276 CVE-2006-2223 CVE-2006-2224

SRPMS
quagga-0.98.3-2.4E.src.rpm

i386
quagga-0.98.3-2.4E.i386.rpm
quagga-contrib-0.98.3-2.4E.i386.rpm
quagga-devel-0.98.3-2.4E.i386.rpm

x86_64
quagga-0.98.3-2.4E.x86_64.rpm
quagga-contrib-0.98.3-2.4E.x86_64.rpm
quagga-devel-0.98.3-2.4E.x86_64.rpm

--Connie Sieh
--Troy Dawson

Enhanced quagga updates address vulnerabilities in Scientific Linux versions 40-43 on both i386 and x86_64 architectures.

Keywords: Quagga Packages, Scientific Linux Security, Security Fix, Updated Software.
Severity: Important
LinuxSecurity.com Team