Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -1 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraupdate

Fedora 42 nginx-mod-naxsi Critical Update for CVE-2026-42926 and Others

nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-naxsi:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-38623b4fed 2026-05-15 22:44:59.632855+00:00 -------------------------------------------------------------------------------- Name : nginx-mod-naxsi Product : Fedora 42 Version : 1.6 Release : 17.fc42 URL : https://github.com/wargio/naxsi Summary : nginx web application firewall module Description : naxsi is an nginx module that provides score based Web Application Firewall (WAF) abilities in a highly granular fashion. -------------------------------------------------------------------------------- Update Information: nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-naxsi: Rebuild for 1.30.1 nginx-mod-headers-more: Rebuild for 1.30.1 nginx-mod-brotli: Rebuild for 1.30.1 nginx-mod-modsecurity: Rebuild for 1.30.1 nginx: update to 1.30.1 fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Felix Kaechele - 1.6-17 - Rebuild for 1.30.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477413 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPGkeys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . nginx-mod-naxsi security update for Fedora addresses critical issues with new 1.30.1 release. Learn more about the fixes implemented.. nginx-mod-naxsi security update Fedora critical fixes WAF. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 15, 2026 Critical Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraarbitrary code execution

Fedora 43 nginx-mod-naxsi 1.30.1 Critical Updates CVE-2026-42926 & Others

nginx-mod-brotli: Rebuild for 1.30.1 nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-modsecurity:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fb53cb4d67 2026-05-15 21:09:28.748523+00:00 -------------------------------------------------------------------------------- Name : nginx-mod-naxsi Product : Fedora 43 Version : 1.6 Release : 17.fc43 URL : https://github.com/wargio/naxsi Summary : nginx web application firewall module Description : naxsi is an nginx module that provides score based Web Application Firewall (WAF) abilities in a highly granular fashion. -------------------------------------------------------------------------------- Update Information: nginx-mod-brotli: Rebuild for 1.30.1 nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-modsecurity: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-headers-more: Rebuild for 1.30.1 nginx-mod-naxsi: Rebuild for 1.30.1 nginx: update to 1.30.1 fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Felix Kaechele - 1.6-17 - Rebuild for 1.30.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477413 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details onthe GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This advisory addresses updates to the nginx-mod-naxsi module in Fedora 43 and critical security flaws fixed in version 1.30.1.. Fedora nginx-mod-naxsi security update 2026 update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 15, 2026 Critical Fedora
Banner 4 1028x280 1708121825 1771600306
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorymoderatedebian

Debian 11 modsecurity-crs Moderate Content-Type Attack Bypass DLA-4488-1

Multiple issues have been fixed in modsecurity-crs, a set of generic attack detection rules for use with ModSecurity. CVE-2023-38199 Coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4488-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Tobias Frost February 22, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : modsecurity-crs Version : 3.3.4-1~deb11u2 CVE ID : CVE-2023-38199 CVE-2026-21876 Debian Bug : 1041109 1125084 Multiple issues have been fixed in modsecurity-crs, a set of generic attack detection rules for use with ModSecurity. CVE-2023-38199 Coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header. CVE-2026-21876 The current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. For Debian 11 bullseye, these problems have been fixed in version 3.3.4-1~deb11u2. We recommend that you upgradeyour modsecurity-crs packages. For the detailed security status of modsecurity-crs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/modsecurity-crs Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Security issues fixed in ModSecurity's attack detection rules affecting multiple Content-Type headers.. modsecurity-crs attack detection Debian 11 security rules. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 22, 2026 Important Debian LTS
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoracritical

Fedora 41: FEDORA-2025-66ebd291f8 Critical: nginx TLS Session Bypass

Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-66ebd291f8 2025-02-15 02:35:33.711202+00:00 -------------------------------------------------------------------------------- Name : nginx-mod-naxsi Product : Fedora 41 Version : 1.6 Release : 9.fc41 URL : https://github.com/wargio/naxsi Summary : nginx web application firewall module Description : naxsi is an nginx module that provides score based Web Application Firewall (WAF) abilities in a highly granular fashion. -------------------------------------------------------------------------------- Update Information: Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used. *) Bugfix: nginx now ignores QUIC version negotiation packets from clients. *) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module. *) Bugfixes in HTTP/3. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 6 2025 Felix Kaechele - 1.6-9 - Rebuild for nginx 1.26.3 * Fri Jan 17 2025 Fedora Release Engineering - 1.6-8 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Aug 26 2024 Felix Kaechele - 1.6-7 - Rebuild for nginx 1.26.2... again. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user https://bugzilla.redhat.com/show_bug.cgi?id=2277663 [ 2 ] Bug #2344198 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2344198 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-66ebd291f8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . The latest security advisory for Fedora 41 regarding Nginx fixes significant vulnerabilities related to the management of TLS connections. Comprehensive information is provided.. Fedora 41 Security, Nginx Updates, Web Application Firewall, TLS Issues, Nginx Mod Naxsi. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 15, 2025 Critical Fedora
Banner 4 1028x280 1708121825 1771600306
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryupdatecritical

Fedora 40: 2025-016ed44ddc critical: nginx TLS session bypass

Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-016ed44ddc 2025-02-15 02:22:06.812098+00:00 -------------------------------------------------------------------------------- Name : nginx-mod-naxsi Product : Fedora 40 Version : 1.6 Release : 9.fc40 URL : https://github.com/wargio/naxsi Summary : nginx web application firewall module Description : naxsi is an nginx module that provides score based Web Application Firewall (WAF) abilities in a highly granular fashion. -------------------------------------------------------------------------------- Update Information: Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used. *) Bugfix: nginx now ignores QUIC version negotiation packets from clients. *) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module. *) Bugfixes in HTTP/3. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 6 2025 Felix Kaechele - 1.6-9 - Rebuild for nginx 1.26.3 * Fri Jan 17 2025 Fedora Release Engineering - 1.6-8 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Aug 26 2024 Felix Kaechele - 1.6-7 - Rebuild for nginx 1.26.2... again. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user https://bugzilla.redhat.com/show_bug.cgi?id=2277663 [ 2 ] Bug #2344197 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2344197 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-016ed44ddc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . An upgrade for Fedora 40 resolves a vulnerability in TLS session resumption, bolstering the security of nginx-based web application firewalls.. nginx vulnerability,Fedora security advisory,web application firewall,TLS session issues,nginx update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 15, 2025 Critical Fedora
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoolow severity

Gentoo: GLSA 202305-25 Low Severity: OWASP ModSecurity Issues

Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities Date: May 21, 2023 Bugs: #822003, #872077 ID: 202305-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF. Background ========= Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Affected packages ================ Package Vulnerable Unaffected -------------------------- ------------ ------------ www-apache/modsecurity-crs < 3.3.4 > = 3.3.4 Description ========== Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All OWASP ModSecurity Core Rule Set users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apache/modsecurity-crs-3.3.4" References ========= [ 1 ] CVE-2021-35368 https://nvd.nist.gov/vuln/detail/CVE-2021-35368 [ 2 ] CVE-2022-39955 https://nvd.nist.gov/vuln/detail/CVE-2022-39955 [ 3 ] CVE-2022-39956 https://nvd.nist.gov/vuln/detail/CVE-2022-39956 [ 4 ] CVE-2022-39957 https://nvd.nist.gov/vuln/detail/CVE-2022-39957 [ 5 ] CVE-2022-39958 https://nvd.nist.gov/vuln/detail/CVE-2022-39958 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202305-25 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The Gentoo Linux Security Advisory GLSA 202305-25 has been released, tackling critical flaws in ModSecurity, an essential web application firewall for HTTP traffic security. ModSecurity Issues,Gentoo Security Update,OWASP Core Rule Set,Web App Protection. . Severity: Low. LinuxSecurity.com Team

Calendar 2 May 21, 2023 Low Gentoo
Banner 4 1028x280 1708121825 1771600306
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebianapache

Debian 10: DLA-3283-1 Moderate: Modsecurity-Apache Security Fix

Multiple issues were found in modsecurity-apache, open source, cross platform web application firewall (WAF) engine for Apache which allows remote attackers to bypass the applications firewall and other unspecified impact. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3283-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Tobias Frost January 26, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : modsecurity-apache Version : 2.9.3-1+deb10u2 CVE ID : CVE-2022-48279 CVE-2023-24021 Debian Bug : 1029329 Multiple issues were found in modsecurity-apache, open source, cross platform web application firewall (WAF) engine for Apache which allows remote attackers to bypass the applications firewall and other unspecified impact. CVE-2022-48279 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity(C language) codebase. CVE-2023-24021 Incorrect handling of null-bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer iverflows on the Web Application Firewall when executing rules reading the FILES_TMP_CONTENT collection. For Debian 10 buster, these problems have been fixed in version 2.9.3-1+deb10u2. We recommend that you upgrade your modsecurity-apache packages. For the detailed security status of modsecurity-apache please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/modsecurity-apache Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-4963-1 provides solutions for various vulnerabilities in the APT package manager to strengthen system package management safety.. Debian Security Updates, ModSecurity Apache Patch, Firewall Management. . LinuxSecurity.com Team

Calendar 2 Jan 26, 2023 Debian LTS
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoracritical

Fedora Core 6 Critical: FEDORA-2007-514 Tomcat Cache Poisoning

Several security issues were reported to be fixed in releases prior to tomcat5.5.23 Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-2007-514 2007-05-21 ---------------------------------------------------------------------Product : Fedora Core 6 Name : jakarta-commons-modeler Version : 1.1 Release : 8jpp.2.fc6 Summary : Jakarta Commons Modeler Package Description : The Modeler project shall create and maintain a set of Java classes to provide the facilities described in the preceeding section, plus unit tests and small examples of using these facilities to instrument Java classes with Model MBean support. ---------------------------------------------------------------------Update Information: Several security issues were reported to be fixed in releases prior to 5.5.23 (https://tomcat.apache.org/security-5.html) Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) The implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues.Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23. ---------------------------------------------------------------------* Sun Apr 29 2007 Vivek Lakshmanan - 0:1.1-8jpp.2 - Add patch to fix jira task: MODELER-15 to allow tomcat5 5.5.23 to build against j-c-modeler - Resolves: bug 237704 ---------------------------------------------------------------------This update can be downloaded from: dad1218b669850e79dbd5d467c95ed95301b8d34 SRPMS/jakarta-commons-modeler-1.1-8jpp.2.fc6.src.rpm dad1218b669850e79dbd5d467c95ed95301b8d34 noarch/jakarta-commons-modeler-1.1-8jpp.2.fc6.src.rpm 8dd80a01e127b5d40d732ce2e75c5c04e2000421 ppc/jakarta-commons-modeler-javadoc-1.1-8jpp.2.fc6.ppc.rpm dd1ab4ed4a18518210a3609441d3c337a2dd5a69 ppc/debug/jakarta-commons-modeler-debuginfo-1.1-8jpp.2.fc6.ppc.rpm 7f4b54c6922fb76248bafd205e14119183ea99df ppc/jakarta-commons-modeler-1.1-8jpp.2.fc6.ppc.rpm 2a629ca2249b3012627ce9cea4ef89eee957f82a x86_64/jakarta-commons-modeler-javadoc-1.1-8jpp.2.fc6.x86_64.rpm c397048d0562227811fb735b49acb0bda2c68511 x86_64/debug/jakarta-commons-modeler-debuginfo-1.1-8jpp.2.fc6.x86_64.rpm 2aa455ba7eb7d52799a3c0d93dab468cefa96c9e x86_64/jakarta-commons-modeler-1.1-8jpp.2.fc6.x86_64.rpm ba5a53f53d214e199394ea50cdf2306b049e9085 i386/debug/jakarta-commons-modeler-debuginfo-1.1-8jpp.2.fc6.i386.rpm 501ec172627d91dbcabb7134d3b5b3c10f256e06 i386/jakarta-commons-modeler-javadoc-1.1-8jpp.2.fc6.i386.rpm faee0b25204c51e08dd19930cf2c81880ce9bc23 i386/jakarta-commons-modeler-1.1-8jpp.2.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailinglist This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Essential patches for security vulnerabilities within Jakarta Commons Modeler in Fedora Core 6, addressing risks related to Tomcat exposure.. Fedora Core 6, Jakarta Commons Modeler, Tomcat, Web Security, Application Firewall. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 21, 2007 Critical Fedora
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here