--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ca3d81129a
2026-03-01 16:57:37.779658+00:00
--------------------------------------------------------------------------------

Name        : python-django4.2
Product     : Fedora 42
Version     : 4.2.28
Release     : 1.fc42
URL         : https://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid development
and a clean, pragmatic design. It focuses on automating as much as possible and
adhering to the DRY (Don't Repeat Yourself) principle.
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 19 2026 Michel Lind - 4.2.28-1
- Update to version 4.2.28
- Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
- Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
- Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
- Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
- Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
- Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2436703 - CVE-2026-1287 python-django4.2: Django: SQL Injection via crafted column aliases [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2436703
  [ 2 ] Bug #2436705 - CVE-2026-1312 python-django4.2: Django: SQL injection via crafted column aliases in QuerySet.order_by() [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2436705
  [ 3 ] Bug #2436711 - CVE-2026-1285 python-django4.2: Django: Denial of Service via crafted HTML inputs [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2436711
  [ 4 ] Bug #2436720 - CVE-2025-14550 python-django4.2: Django: Denial of Service via crafted request with duplicate headers [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2436720
  [ 5 ] Bug #2436722 - CVE-2026-1207 python-django4.2: Django: SQL Injection via RasterField band index parameter [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2436722
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ca3d81129a' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
# Security update for python-Django

Announcement ID: SUSE-SU-2024:2577-1
Rating: important
References:

* bsc#1227590
* bsc#1227593
* bsc#1227594
* bsc#1227595

Cross-References:

* CVE-2024-38875
* CVE-2024-39329
* CVE-2024-39330
* CVE-2024-39614

CVSS scores:

* CVE-2024-38875 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-39330 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-39614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for python-Django fixes the following issues:

* CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590)
* CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593)
* CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594)
* CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-2577=1 SUSE-2024-2577=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2577=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-Django-4.2.11-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * python311-Django-4.2.11-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38875.html
* https://www.suse.com/security/cve/CVE-2024-39329.html
* https://www.suse.com/security/cve/CVE-2024-39330.html
* https://www.suse.com/security/cve/CVE-2024-39614.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227590
* https://bugzilla.suse.com/show_bug.cgi?id=1227593
* https://bugzilla.suse.com/show_bug.cgi?id=1227594
* https://bugzilla.suse.com/show_bug.cgi?id=1227595

Summary: Significant update to Python-Django addresses multiple security issues, encompassing potential DoS attacks and user enumeration flaws. Severity: Important.
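Both advisories name the build that carries the fix (python-django4.2 4.2.28-1.fc42 on Fedora 42, python311-Django 4.2.11-150600.3.3.1 on SUSE), and the practical check after patching is whether the installed build is at or above that build. The following is an added example, not code from Fedora, SUSE or the Django project: it ports rpm's rpmvercmp() ordering to Python and compares a line of `rpm -q --qf` output against the fixed (epoch, version, release) triples taken from the two advisories; the query format string and the sample lines in the test are assumptions, not captured output.

```python
import re
FIXED = {  # fixed (epoch, version, release) per package, from the two advisories above
    "python-django4.2": ("0", "4.2.28", "1.fc42"),        # FEDORA-2026-ca3d81129a
    "python311-Django": ("0", "4.2.11", "150600.3.3.1"),  # SUSE-SU-2024:2577-1
}
SEP = re.compile(r"[^0-9A-Za-z~^]*")     # anything rpm treats as a separator
DIGITS, ALPHA = re.compile(r"[0-9]*"), re.compile(r"[A-Za-z]*")

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): returns -1, 0 or 1 (digit runs numeric, letter runs lexical)."""
    i = j = 0
    while True:
        i, j = SEP.match(a, i).end(), SEP.match(b, j).end()   # skip separators
        ca, cb = a[i:i + 1], b[j:j + 1]
        if "~" in (ca, cb) or "^" in (ca, cb):
            if ca == cb:                     # both '~' or both '^': consume and go on
                i, j = i + 1, j + 1
                continue
            if "~" in (ca, cb):              # '~' (pre-release) sorts below everything
                return -1 if ca == "~" else 1
            return -1 if ca == "" or (ca == "^" and cb) else 1   # '^' sorts just above end
        if not (ca and cb):
            break
        seg = DIGITS if ca.isdigit() else ALPHA
        sa, sb = seg.match(a, i).group(), seg.match(b, j).group()
        i, j = i + len(sa), j + len(sb)
        if not sb:                           # mixed types: a number beats letters
            return 1 if ca.isdigit() else -1
        if ca.isdigit():                     # numeric: drop leading zeros, longer wins
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def needs_update(rpm_line):
    r"""rpm_line: one row of rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n' PKG.
    True if the installed build predates the fix, False if fixed, None if not listed."""
    name, epoch, ver, rel = rpm_line.split()
    if name not in FIXED:
        return None
    installed = ("0" if epoch == "(none)" else epoch, ver, rel)
    for have, want in zip(installed, FIXED[name]):   # epoch, then version, then release
        r = rpmvercmp(have, want)
        if r:
            return r < 0
    return False
```

A `True` result after running `dnf upgrade --advisory` or `zypper patch` means the transaction did not land (wrong repository, held package, or a stale module stream) and the CVEs listed above are still open on that host.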