Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Ubuntu 24.10: USN-7115-1 critical: waitress denial of service

==========================================================================
Ubuntu Security Notice USN-7115-1
November 19, 2024

Waitress vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Waitress.

Software Description:
- waitress: production-quality pure-Python WSGI server

Details:

It was discovered that Waitress could process follow-up requests when
receiving a specially crafted message. An attacker could use this issue
to have the server process inconsistent client requests. (CVE-2024-49768)

Dylan Jay discovered that Waitress could be led to write to a non-existent
socket after closing the remote connection. An attacker could use this
issue to increase resource utilization, leading to a denial of service.
(CVE-2024-49769)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  python3-waitress  3.0.0-1ubuntu0.1

Ubuntu 24.04 LTS
  python3-waitress  2.1.2-2ubuntu0.1~esm1
                    Available with Ubuntu Pro

Ubuntu 22.04 LTS
  python3-waitress  1.4.4-1.1ubuntu1.1

Ubuntu 20.04 LTS
  python3-waitress  1.4.1-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7115-1
  CVE-2024-49768, CVE-2024-49769

Package Information:
  https://launchpad.net/ubuntu/+source/waitress/1.4.4-1.1ubuntu1.1

Nov 19, 2024 | Severity: Critical | Ubuntu | LinuxSecurity.com Team

Debian 11: DLA-3955-1 moderate: fix for waitress DoS vulnerability

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3955-1
https://www.debian.org/lts/security/                         Adrian Bunk
November 16, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : waitress
Version        : 1.4.4-1.1+deb11u2
CVE ID         : CVE-2024-49769
Debian Bug     : 1086468

DoS due to resource exhaustion has been fixed in waitress, a Python Web
Server Gateway Interface.

For Debian 11 bullseye, this problem has been fixed in version
1.4.4-1.1+deb11u2.

We recommend that you upgrade your waitress packages.

For the detailed security status of waitress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/waitress

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Nov 16, 2024 | Debian LTS | LinuxSecurity.com Team

Debian: DSA-5138-1 Critical: Waitress Request Smuggling Patch

-------------------------------------------------------------------------
Debian Security Advisory DSA-5138-1
https://www.debian.org/security/                      Moritz Muehlenhoff
May 17, 2022                           https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : waitress
CVE ID         : CVE-2022-24761
Debian Bug     : 1008013

It was discovered that the Waitress WSGI server was susceptible to HTTP
request smuggling in some scenarios when used behind a proxy.

For the oldstable distribution (buster), this problem has been fixed
in version 1.2.0~b2-2+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 1.4.4-1.1+deb11u1.

We recommend that you upgrade your waitress packages.

For the detailed security status of waitress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/waitress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

May 17, 2022 | Severity: Critical | Debian | LinuxSecurity.com Team

Debian 9 Stretch DLA-3000-1 Critical: Waitress Request Smuggling Issue

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3000-1
https://www.debian.org/lts/security/                      Stefano Rivera
May 12, 2022                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : waitress
Version        : 1.0.1-1+deb9u1
CVE ID         : CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792
                 CVE-2022-24761
Debian Bug     : 1008013

Waitress is a Python WSGI server, an application server for Python web
apps. Security updates fix request smuggling bugs that arise when Waitress
is combined with another HTTP proxy that interprets requests differently.
This can lead to a potential for HTTP request smuggling/splitting whereby
Waitress may see two requests while the front-end server only sees a
single HTTP message. This can result in cache poisoning or unexpected
information disclosure.

CVE-2019-16785

    Only recognise CRLF as a line-terminator, not a plain LF. Before this
    change waitress could see two requests where the front-end proxy only
    saw one.

CVE-2019-16786

    Waitress would parse the Transfer-Encoding header and only look for a
    single string value; if that value was not "chunked" it would fall
    through and use the Content-Length header instead. This could allow
    Waitress to treat a single request as multiple requests in the case
    of HTTP pipelining.

CVE-2019-16789

    Specially crafted requests containing special whitespace characters
    in the Transfer-Encoding header would get parsed by Waitress as being
    a chunked request, but a front-end server would use the
    Content-Length instead as the Transfer-Encoding header is considered
    invalid due to containing invalid characters. If a front-end server
    does HTTP pipelining to a backend Waitress server this could lead to
    HTTP request splitting which may lead to potential cache poisoning or
    unexpected information disclosure.

CVE-2019-16792

    If two Content-Length headers are sent in a single request, Waitress
    would treat the request as having no body, thereby treating the body
    of the request as a new request in HTTP pipelining.

CVE-2022-24761

    There are two classes of vulnerability that may lead to request
    smuggling that are addressed by this advisory:

    1. The use of Python's int() to parse strings into integers, leading
       to +10 to be parsed as 10, or 0x01 to be parsed as 1, whereas the
       standard specifies that the string should contain only digits or
       hex digits.

    2. Waitress does not support chunk extensions, however it was
       discarding them without validating that they did not contain
       illegal characters.

For Debian 9 stretch, these problems have been fixed in version
1.0.1-1+deb9u1.

We recommend that you upgrade your waitress packages.

For the detailed security status of waitress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/waitress

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

May 12, 2022 | Severity: Critical | Debian LTS | LinuxSecurity.com Team
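The two parsing classes behind CVE-2022-24761 in DLA-3000-1 above (lenient int() on length fields, and unvalidated chunk extensions) are easiest to see side by side. The following is an added illustration written for this page, not Waitress's own code: it contrasts a bare int()-based parser with one that enforces the RFC 9112 grammar, so a proxy and origin cannot disagree on where a body ends. Treating quoted-string extension values as unsupported is an assumption of this example.

```python
import re

# Grammar from RFC 9112: Content-Length = 1*DIGIT, chunk-size = 1*HEXDIG.
# The classes are ASCII-only on purpose: \d would also admit Unicode digits,
# which int() happily converts, so the explicit ranges matter.
DIGITS = re.compile(r"[0-9]+")
HEXDIGITS = re.compile(r"[0-9A-Fa-f]+")
# chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] ), token chars only.
# Quoted-string values are treated as unsupported here (assumption of this
# example, not of any server implementation).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
CHUNK_EXT = re.compile(rf"(;{TOKEN}(={TOKEN})?)*")


def lenient_content_length(value):
    """Pre-fix style: bare int() accepts '+10', '1_0' and ' 10 ' as 10."""
    try:
        return int(value)
    except ValueError:
        return None


def lenient_chunk_size(line):
    """Pre-fix style: int(x, 16) accepts '0x01' and '+a'; the extension is
    split off and thrown away without ever being looked at."""
    try:
        return int(line.split(";", 1)[0], 16)
    except ValueError:
        return None


def strict_content_length(value):
    """Accept only 1*DIGIT; anything else is a malformed request (None)."""
    if not DIGITS.fullmatch(value):
        return None
    return int(value)


def strict_chunk_size(line):
    """Accept only 1*HEXDIG, and validate the extension's characters even
    though it is discarded, so front-end and back-end agree on the framing."""
    size, sep, ext = line.partition(";")
    if not HEXDIGITS.fullmatch(size):
        return None
    if sep and not CHUNK_EXT.fullmatch(sep + ext):
        return None
    return int(size, 16)


if __name__ == "__main__":
    for raw in ("10", "+10", "1_0", " 10"):
        print(repr(raw), lenient_content_length(raw), strict_content_length(raw))
    for raw in ("a", "0x01", "5;name=val", "5;bad ext"):
        print(repr(raw), lenient_chunk_size(raw), strict_chunk_size(raw))
```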

Ubuntu 21.10 & 20.04 LTS USN-5364-1 Critical Waitress Information Leak

=========================================================================
Ubuntu Security Notice USN-5364-1
April 05, 2022

waitress vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

waitress could be made to expose sensitive information if it received
a specially crafted request.

Software Description:
- waitress: production-quality pure-Python WSGI server (documentation)

Details:

It was discovered that Waitress incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  python3-waitress  1.4.4-1.1ubuntu0.1

Ubuntu 20.04 LTS:
  python3-waitress  1.4.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5364-1
  CVE-2022-24761

Package Information:
  https://launchpad.net/ubuntu/+source/waitress/1.4.4-1.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/waitress/1.4.1-1ubuntu0.1

Apr 05, 2022 | Severity: Critical | Ubuntu | LinuxSecurity.com Team

Debian: DLA-2056-1 Critical: Waitress HTTP Request Smuggling Issue

Package        : waitress
Version        : 0.8.9-2+deb8u1
Debian Bug     : #765126

It was discovered that there was an HTTP request smuggling vulnerability
in waitress, a pure-Python WSGI server. If a proxy server is used in front
of waitress, an invalid request may be sent by an attacker that bypasses
the front-end and is parsed differently by waitress, leading to a potential
for request smuggling.

Specially crafted requests containing special whitespace characters in the
Transfer-Encoding header would get parsed by Waitress as being a chunked
request, but a front-end server would use the Content-Length instead as the
Transfer-Encoding header is considered invalid due to containing invalid
characters. If a front-end server does HTTP pipelining to a backend Waitress
server this could lead to HTTP request splitting which may lead to
potential cache poisoning or information disclosure.

For Debian 8 "Jessie", this issue has been fixed in waitress version
0.8.9-2+deb8u1.

We recommend that you upgrade your waitress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,
Chris Lamb
chris-lamb.co.uk

Jan 01, 2020 | Severity: Critical | Debian LTS | LinuxSecurity.com Team