Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
202
security advisorymoderateOpenSUSEopenSUSE libsodium Vulnerabilities in Cryptographic Logic 2026-0453-2
An update that solves two vulnerabilities can now be installed.. # Security update for libsodium Announcement ID: SUSE-SU-2026:0368-1 Release Date: 2026-02-03T13:41:03Z Rating: moderate References: * bsc#1255764 * bsc#1256070 Cross-References: * CVE-2025-15444 * CVE-2025-69277 CVSS scores: * CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-15444 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2025-69277 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for libsodium fixes the following issues: * CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). * CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-368=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patchSUSE-SLE-Micro-5.3-2026-368=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-368=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-368=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-368=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-368=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-368=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-368=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-368=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-devel-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * openSUSE Leap 15.6 (x86_64) * libsodium23-32bit-1.0.18-150000.4.14.1 * libsodium23-32bit-debuginfo-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 *libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-devel-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * Basesystem Module 15-SP7 (x86_64) * libsodium23-32bit-1.0.18-150000.4.14.1 * libsodium23-32bit-debuginfo-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libsodium23-debuginfo-1.0.18-150000.4.14.1 * libsodium23-1.0.18-150000.4.14.1 * libsodium-debugsource-1.0.18-150000.4.14.1 ## References: * https://www.suse.com/security/cve/CVE-2025-15444.html * https://www.suse.com/security/cve/CVE-2025-69277.html * https://bugzilla.suse.com/show_bug.cgi?id=1255764 * https://bugzilla.suse.com/show_bug.cgi?id=1256070 . Install the latest openSUSE libsodium update addressing critical issues and enhance system security promptly.. Update libsodium openSUSE Security Issues. . LinuxSecurity.com Team
Feb 03, 2026
OpenSUSE
198
security advisorysecurity updatemedium severityArch Linux: 202107-60 Medium: lib32-curl Information Disclosure Issues
The package lib32-curl before version 7.78.0-1 is vulnerable to multiple issues including information disclosure and insufficient validation. . Arch Linux Security Advisory ASA-202107-60 ========================================= Severity: Medium Date : 2021-07-21 CVE-ID : CVE-2021-22924 CVE-2021-22925 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2195 Summary ====== The package lib32-curl before version 7.78.0-1 is vulnerable to multiple issues including information disclosure and insufficient validation. Resolution ========= Upgrade to 7.78.0-1. # pacman -Syu "lib32-curl> =7.78.0-1" The problems have been fixed upstream in version 7.78.0. Workaround ========= CVE-2021-22925 can be mitigated by avoiding to use CURLOPT_TELNETOPTIONS. No known workaround exists for CVE-2021-22924. Description ========== - CVE-2021-22924 (insufficient validation) A security issue has been found in curl before version 7.78.0. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths case insensitively, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. - CVE-2021-22925 (information disclosure) A security issue has been found in curl before version 7.78.0. curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairsto TELNET servers. Due to flaw in the option parser for sending NEW_ENV variables, libcurl before version 7.78.0 could be made to pass on uninitialized data from a stack based buffer to the server.Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. The previous curl security vulnerability CVE-2021-22898 is almost identical to this one but the fix was insufficient so this security vulnerability remained. Impact ===== libcurl could disclose potentially sensitive memory contents to a remote server when an uncommon option for TELNET servers is used. Additionally, libcurl did not sufficiently verify the 'issuer cert' when reusing connections. References ========= https://curl.se/docs/CVE-2021-22924.html https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 https://curl.se/docs/CVE-2021-22925.html https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a https://security.archlinux.org/CVE-2021-22924 https://security.archlinux.org/CVE-2021-22925 . Upgrade lib32-curl on Arch Linux to fix medium-severity vulnerabilities CVE-2021-22924 and CVE-2021-22925 with this command in your terminal. lib32-curl, Arch Linux, security update, information disclosure, validation issue. . Severity: Medium. LinuxSecurity.com Team
Jul 22, 2021
•Medium
ArchLinux
198
security advisorymedium severityremote attackArch Linux: ASA-202107-15 PHP DoS and Validation Issues Medium Severity
The package php before version 8.0.8-1 is vulnerable to multiple issues including denial of service and insufficient validation. . Arch Linux Security Advisory ASA-202107-15 ========================================= Severity: Medium Date : 2021-07-06 CVE-ID : CVE-2021-21704 CVE-2021-21705 Package : php Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2132 Summary ====== The package php before version 8.0.8-1 is vulnerable to multiple issues including denial of service and insufficient validation. Resolution ========= Upgrade to 8.0.8-1. # pacman -Syu "php> =8.0.8-1" The problems have been fixed upstream in version 8.0.8. Workaround ========= None. Description ========== - CVE-2021-21704 (denial of service) Multiple bugs in the pdo_firebase module allow a malicious firebase server or man-in-the-middle attacker to crash PHP before versions 8.0.8 and 7.4.21. - CVE-2021-21705 (insufficient validation) A security issue was found in the php_url_parse_ex() function in PHP before versions 8.0.8 and 7.4.21, which leads to FILTER_VALIDATE_URL accepting URLs with invalid userinfo, a different issue from CVE-2020-7071. Impact ===== A remote user could bypass URL validation. Furthermore, a malicious firebase server or man-in-the-middle attacker could crash aPHP application. References ========= https://www.php.net/ChangeLog-8.php#8.0.8 https://www.php.net/ChangeLog-7.php#7.4.21 https://bugs.php.net/bug.php?id=76448 https://bugs.php.net/bug.php?id=76449 https://bugs.php.net/bug.php?id=76450 https://bugs.php.net/bug.php?id=76452 https://github.com/php/php-src/commit/1edd284cd56ce4c23f6fdf66050e4a722e6515c5 https://github.com/php/php-src/commit/8cb87aabba0b2e284428aabca13401d1ad54bc97 https://github.com/php/php-src/commit/921f320ec2baabd24e5ff182d9fb73092eb28676 https://github.com/php/php-src/commit/c8620a753114fac789016a4e6ae9c9b1210be10f https://github.com/php/php-src/commit/1d4c3114afe8f7dde51f917cd14dc4600a3a40f0 https://github.com/php/php-src/commit/922ea3419923c74471f01ff8c6ea30f0a07d8e19 https://github.com/php/php-src/commit/08fc2960bccd4f04031d10099c82cf8d76cfa501 https://github.com/php/php-src/commit/e92d5edeeeed809bc3a06b165e4f0a63bcabdb92 https://bugs.php.net/bug.php?id=81122 https://github.com/php/php-src/commit/5a1fe88ac120d71064bdd314dce1e49c86ff0585 https://github.com/php/php-src/commit/5cea97e083448aaa2352320612541c895178b3b5 https://security.archlinux.org/CVE-2021-21704 https://security.archlinux.org/CVE-2021-21705 . Multiple vulnerabilities have been discovered in PHP versions before 8.0.8-1 on Arch Linux, posing risks to system integrity and security.. Arch Linux Security, PHP DoS, Update Instructions, Medium Severity, Security Advisory. . Severity: Medium. LinuxSecurity.com Team
Jul 09, 2021
•Medium
ArchLinux
202
security advisorycriticalpatchopenSUSE Leap 15.2, openSUSE-SU-2021:0522-1 Critical fwupd Validation Issue
An update that solves one vulnerability and has one errata is now available. . openSUSE Security Update: Security update for fwupd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0522-1 Rating: important References: #1172643 #1182057 Cross-References: CVE-2020-10759 CVSS scores: CVE-2020-10759 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2020-10759 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for fwupd fixes the following issues: - Update to version 1.2.14: (bsc#1182057) - Add SBAT section to EFI images (bsc#1182057) - CVE-2020-10759: Validate that gpgme_op_verify_result() returned at least one signature (bsc#1172643) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-522=1 Package List: - openSUSE Leap 15.2 (x86_64): dfu-tool-1.2.14-lp152.3.9.1 dfu-tool-debuginfo-1.2.14-lp152.3.9.1 fwupd-1.2.14-lp152.3.9.1 fwupd-debuginfo-1.2.14-lp152.3.9.1 fwupd-debugsource-1.2.14-lp152.3.9.1 fwupd-devel-1.2.14-lp152.3.9.1 libfwupd2-1.2.14-lp152.3.9.1 libfwupd2-debuginfo-1.2.14-lp152.3.9.1 typelib-1_0-Fwupd-2_0-1.2.14-lp152.3.9.1 - openSUSE Leap 15.2 (noarch): fwupd-lang-1.2.14-lp152.3.9.1 References: https://www.suse.com/security/cve/CVE-2020-10759.html https://bugzilla.suse.com/1172643 https://bugzilla.suse.com/1182057 . The latest patch addresses a crucial vulnerability in fwupd for openSUSE Leap 15.2, enhancing both security measures and overall system stability.. openSUSE fwupd update, important update security, software validation fix, fwupd security patch. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2021
•Important
OpenSUSE
87
security advisorydebianpdns-recursorDebian: DSA-4691-1 Critical Update for PDNS Recursor Security Flaws
Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient validation of NXDOMAIN responses lacking an SOA. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4691-1
May 21, 2020
•Critical
Debian
198
security advisorymultiple flawsaccess restrictionArch Linux: 201901-13 Medium: Powerdns-Recursor Access Issues
The package powerdns-recursor before version 4.1.9-1 is vulnerable to multiple issues including insufficient validation and access restriction bypass. . Arch Linux Security Advisory ASA-201901-13 ========================================= Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2019-3806 CVE-2019-3807 Package : powerdns-recursor Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-856 Summary ====== The package powerdns-recursor before version 4.1.9-1 is vulnerable to multiple issues including insufficient validation and access restriction bypass. Resolution ========= Upgrade to 4.1.9-1. # pacman -Syu "powerdns-recursor> =4.1.9-1" The problems have been fixed upstream in version 4.1.9. Workaround ========= None. Description ========== - CVE-2019-3806 (access restriction bypass) An issue has been found in PowerDNS Recursor before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. - CVE-2019-3807 (insufficient validation) An issue has been found in PowerDNS Recursor before 4.1.9 where records in the answer section of responses received from authoritative serverswith the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. Impact ===== A remote attacker can bypass access restrictions by doing a TCP query or bypass DNSSEC validation for records where the AA flag was not set. References ========= https://blog.powerdns.com/2019/01/21/powerdns-recursor-4-1-9-released https://security.archlinux.org/CVE-2019-3806 https://security.archlinux.org/CVE-2019-3807 . Arch Linux Advisory addressing possible vulnerabilities within powerdns-recursor, emphasizing concerns regarding access controls and integrity checks.. Security Advisory, Arch Linux, PowerDNS, Access Restriction Issues, Validation Flaws. . Severity: Medium. LinuxSecurity.com Team
Jan 27, 2019
•Medium
ArchLinux
198
security advisorymedium severityxss issueArch Linux: 201807-1 Medium: GitLab XSS and Validation Issues
The package gitlab before version 11.0.1-1 is vulnerable to multiple issues including cross-site scripting and insufficient validation. . Arch Linux Security Advisory ASA-201807-1 ======================================== Severity: Medium Date : 2018-07-04 CVE-ID : CVE-2018-3740 CVE-2018-12606 CVE-2018-12607 Package : gitlab Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-726 Summary ====== The package gitlab before version 11.0.1-1 is vulnerable to multiple issues including cross-site scripting and insufficient validation. Resolution ========= Upgrade to 11.0.1-1. # pacman -Syu "gitlab> =11.0.1-1" The problems have been fixed upstream in version 11.0.1. Workaround ========= None. Description ========== - CVE-2018-3740 (insufficient validation) A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. - CVE-2018-12606 (cross-site scripting) The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. - CVE-2018-12607 (cross-site scripting) The charts feature contained a persistent XSS issue due to a lack of output encoding. Impact ===== An attacker is able to use a GitLab server to execute malicious Javascript code on its users via a crafted HTML chart or specific markdown features. References ========= https://security.archlinux.org/CVE-2018-3740 https://security.archlinux.org/CVE-2018-12606 https://security.archlinux.org/CVE-2018-12607 . To enhance security, upgrade GitLab on Arch Linux to version 11.0.1-1, tackling various moderate severity concerns linked to cross-site scripting (XSS) vulnerabilities.. GitLab Security Issues, Arch Linux Upgrade, XSS Exploit Fixes. . Severity: Medium. LinuxSecurity.com Team
Jul 04, 2018
•Medium
ArchLinux
91
security advisorygentoocommand executionGentoo: GLSA 200508-09 High: Bluetooth Device Name Execution Risk
Improper validation of Bluetooth device names can lead to arbitrary command execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200508-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: bluez-utils: Bluetooth device name validation vulnerability Date: August 17, 2005 Bugs: #101557 ID: 200508-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Improper validation of Bluetooth device names can lead to arbitrary command execution. Background ========= bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/bluez-utils < 2.19 > = 2.19 Description ========== The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact ===== An attacker could create a malicious device name on a Bluetooth device resulting in arbitrary commands being executed as root upon attempting to pair the device with the computer. Workaround ========= There are no known workarounds at this time. Resolution ========= All bluez-utils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-wireless/bluez-utils-2.19" References ========= [ 1 ] CAN-2005-2547 https://www.cve.org/CVERecord?id=CAN-2005-2547 [ 2 ] bluez-utils ChangeLog https://sourceforge.net/projects/bluez/;view=markup Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200508-09 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Aug 17, 2005
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!