Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 6 articles for you...
87

Debian Oldstable Keystone Important Access Issues Fixed DSA-6331-1

Multiple vulnerabilities were discovered in Keystone, the OpenStack identity service, which may result in authorisation bypass, privilege escalation, user impersonation or incomplete termination of access privileges. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6331-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : keystone CVE ID : CVE-2026-42998 CVE-2026-42999 CVE-2026-43000 CVE-2026-43001 CVE-2026-44394 Multiple vulnerabilities were discovered in Keystone, the OpenStack identity service, which may result in authorisation bypass, privilege escalation, user impersonation or incomplete termination of access privileges. For the oldstable distribution (bookworm), these problems have been fixed in version 2:22.0.2-0+deb12u3. This update also include two fixes already uploaded to be included in the final Bookworm point release (CVE-2026-40683, CVE-2026-33551). For the stable distribution (trixie), these problems have been fixed in version 2:27.0.0-3+deb13u4. This update also include two fixes already uploaded to be included in the next Trixie point release (CVE-2026-40683, CVE-2026-33551). We recommend that you upgrade your keystone packages. For the detailed security status of keystone please refer to its security tracker page at: https://security-tracker.debian.org/tracker/keystone Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple vulnerabilities in Keystone for Debian fixed to prevent authorization bypass and userimpersonation.. Debian Keystone Privilege Escalation Authorization Bypass. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important Debian
87

Debian: python-keystonemiddleware Security Flaw DSA-6104-1 CVE-2026-22797

Grzegorz Grasza discovered a vulnerability in the Openstack middleware to provide authentication and authorization features to web services other than Keystone: If an external OAuth provider is configured, authentication headers are insufficiently sanitised, which could result in privilege escalation or user impersonation.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6104-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff January 20, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-keystonemiddleware CVE ID : CVE-2026-22797 Grzegorz Grasza discovered a vulnerability in the Openstack middleware to provide authentication and authorization features to web services other than Keystone: If an external OAuth provider is configured, authentication headers are insufficiently sanitised, which could result in privilege escalation or user impersonation. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 10.9.0-2+deb13u1. We recommend that you upgrade your python-keystonemiddleware packages. For the detailed security status of python-keystonemiddleware please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python-keystonemiddleware Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . A critical flaw in python-keystonemiddleware could lead to user impersonation and privilege escalation. Upgrade necessary.. Debian Security Advisory, python-keystonemiddleware, privilege escalation, user impersonation, authentication issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 20, 2026 Critical Debian
197

Debian: DLA-3049-1 Critical Mailman Update: User Impersonation Risk

Several vulnerabilities were discovered in Mailman, a web-based mailing list manager. An attacker could impersonate more privileged accounts through different vectors. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3049-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Sylvain Beucler June 09, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : mailman Version : 1:2.1.23-1+deb9u8 CVE ID : CVE-2021-43331 CVE-2021-43332 CVE-2021-44227 Debian Bug : 1000367 1001685 Several vulnerabilities were discovered in Mailman, a web-based mailing list manager. An attacker could impersonate more privileged accounts through different vectors. CVE-2021-43331 A crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. (Closes: #1000367) CVE-2021-43332 The CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. CVE-2021-44227 A list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. For Debian 9 stretch, these problems have been fixed in version 1:2.1.23-1+deb9u8. We recommend that you upgrade your mailman packages. For the detailed security status of mailman please refer to its security tracker page at: Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The latest security patch for Debian LTS addressed multiple vulnerabilities and concerns within the vital mailing list application, Mailman.. Mailman Security, Debian LTS, Security Update, Attack Vector, User Impersonation.. Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 09, 2022 Critical Debian LTS
87

Debian: DSA-4985-1 Moderate: Wordpress XSS and User Impersonation Issues

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting (XSS) attacks or impersonate other users. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4985-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond October 14, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress CVE ID : CVE-2021-39200 CVE-2021-39201 Debian Bug : 994059 994060 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting (XSS) attacks or impersonate other users. For the oldstable distribution (buster), these problems have been fixed in version 5.0.14+dfsg1-0+deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 5.7.3+dfsg1-0+deb11u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Several security flaws in WordPress have enabled remote attackers to carry out XSS exploits or take on the identities of other users. Please update immediately.. Wordpress Security, Debian Update, XSS Attacks, Remote Exploits, User Impersonation. . LinuxSecurity.com Team

Calendar%202 Oct 14, 2021 Debian
87

Debian: DSA-4943-1 Critical: Lemonldap-ng User Impersonation Risk

Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4943-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lemonldap-ng CVE ID : CVE-2021-35472 Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured to increase authentication level for users authenticated via a second factor. For the stable distribution (buster), these problems have been fixed in version 2.0.2+ds-7+deb10u6. We recommend that you upgrade your lemonldap-ng packages. For the detailed security status of lemonldap-ng please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/lemonldap-ng Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA-4944-1 tackles vulnerabilities in roundcube to avert credential theft and data breaches.. lemonldap-ng update, Debian advisory, web SSO security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 23, 2021 Critical Debian
197

Debian: DLA-2707-1 Critical: SOGo Authentication Issue Affecting Users

One security issue has been discovered in sogo. SOGo does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2707-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Anton Gladky July 12, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : sogo Version : 3.2.6-2+deb9u1 CVE ID : CVE-2021-33054 One security issue has been discovered in sogo. SOGo does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. For Debian 9 stretch, this problem has been fixed in version 3.2.6-2+deb9u1. We recommend that you upgrade your sogo packages. ATTENTION! If you are using SAML authentication, use sogo-tool to immediately delete users sessions and force all users to visit the login page: sogo-tool -v expire-sessions 1 systemctl restart memcached For the detailed security status of sogo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/sogo Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Significant vulnerability rectified in SOGo package within Debian LTS. An upgrade is advised to maintain system integrity and safeguard user information.. Debian Security,SOGo Update,User Impersonation Fix,Authentication Issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 12, 2021 Critical Debian LTS
87

Debian: DSA-4926-1 Critical: Lasso User Impersonation Risk Mitigated

It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4926-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lasso CVE ID : CVE-2021-28091 It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. For the stable distribution (buster), this problem has been fixed in version 2.6.0-2+deb10u1. We recommend that you upgrade your lasso packages. For the detailed security status of lasso please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/lasso Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The latest Debian Security Advisory DSA-4927-1 addresses an important wpa_supplicant patch aimed at mitigating potential network access vulnerabilities.. Debian Security Update, Lasso Library, SAML Security Fix, Access Control Issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 03, 2021 Critical Debian
87

Debian: DSA-4660-1 Critical: Awl Session Management Threat

Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4660-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond April 21, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : awl CVE ID : CVE-2020-11728 CVE-2020-11729 Debian Bug : 956650 Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users. For the oldstable distribution (stretch), these problems have been fixed in version 0.57-1+deb9u1. For the stable distribution (buster), these problems have been fixed in version 0.60-1+deb10u1. We recommend that you upgrade your awl packages. For the detailed security status of awl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/awl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA-4661-2 tackles vulnerabilities in xyz application to thwart unauthorized access.. Debian Security Advisory, awl update, session management flaw. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 21, 2020 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200