
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 21 articles for you...

Debian: Rails Severe Command Manipulation DSA-6090-2 CVE-2025-24294

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6090-1
https://www.debian.org/security/                       Moritz Muehlenhoff
December 21, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
CVE ID         : CVE-2025-24293 CVE-2025-55193

Multiple security issues were discovered in the Rails web framework which could result in command injection or logging of unescaped ANSI sequences.

For the oldstable distribution (bookworm), these problems have been fixed in version 2:6.1.7.10+dfsg-1~deb12u2.

For the stable distribution (trixie), these problems have been fixed in version 2:7.2.2.2+dfsg-2~deb13u1.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/rails

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Security advisory for the Rails web framework highlights critical command injection issues and updates for Debian distributions. Upgrade now!

Keywords: Rails Web Framework, Debian Security, Command Injection, Security Issues, Version Update.

Severity: Critical. LinuxSecurity.com Team

Dec 21, 2025 Critical Debian

openSUSE: Advisory 2025:15587-1 for ruby3.4-rubygem-rack CVE-2025-59830

# ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15587-1
Rating: moderate

Cross-References:

  * CVE-2025-59830

CVSS scores:

  * CVE-2025-59830 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * ruby3.4-rubygem-rack-2.2 2.2.18-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-59830.html

An update for ruby3.4-rubygem-rack on openSUSE addresses a moderate severity issue and enhances system security.

Keywords: openSUSE security update, ruby3.4, rubygem, rack, security advisory.

LinuxSecurity.com Team

Sep 30, 2025 OpenSUSE

Debian 11: DLA-4189-1 critical: web.py SQL injection issue

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4189-1
https://www.debian.org/lts/security/                          Adrian Bunk
May 29, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : webpy
Version        : 1:0.61-1+deb11u1
CVE ID         : CVE-2025-3818
Debian Bug     : 1103780

PostgreSQL SQL injection has been fixed in web.py, a Web framework for Python applications.

For Debian 11 bullseye, this problem has been fixed in version 1:0.61-1+deb11u1.

We recommend that you upgrade your webpy packages.

For the detailed security status of webpy please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/webpy

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian 11's Web.py patch tackles critical PostgreSQL SQL injection risk. Update immediately for improved protection.

Keywords: Debian Security, web framework, SQL injection solution, update recommendation.

Severity: Critical. LinuxSecurity.com Team

May 29, 2025 Critical Debian LTS

Fedora 41: perl-Mojolicious 9.39 critical: HMAC secret issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c38fd06bec
2025-05-21 02:04:40.357842+00:00
--------------------------------------------------------------------------------

Name        : perl-Mojolicious
Product     : Fedora 41
Version     : 9.39
Release     : 1.fc41
URL         : https://metacpan.org/dist/Mojolicious
Summary     : A next generation web framework for Perl
Description :
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the techniques used are outdated now, the idea behind it is not. Mojolicious is a new attempt at implementing this idea using state of the art technology.

--------------------------------------------------------------------------------
Update Information:

Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. Mojolicious 9.39 added EXPERIMENTAL support for encrypted session cookies. This feature is much more secure than signed cookies and can be enabled by installing CryptX and setting the encrypted attribute.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 24 2024 Emmanuel Seyman - 9.39-1
- Update to 9.39
* Sun Sep 1 2024 Emmanuel Seyman - 9.38-1
- Update to 9.38
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364057 - CVE-2024-58134 perl-Mojolicious: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364057
  [ 2 ] Bug #2364058 - CVE-2024-58134 perl-Mojolicious: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364058
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c38fd06bec' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/

Mojolicious editions ranging from 0.999922 to 9.39 in Perl contain a built-in session key, with a fix accessible.

Keywords: perl, Mojolicious, security advisory, session cookies.

Severity: Critical. LinuxSecurity.com Team

May 21, 2025 Critical Fedora

Debian 11: DLA-4124-1 critical: bootstrap3 XSS vulnerabilities

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4124-1
https://www.debian.org/lts/security/                    Bastien Roucariès
April 13, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : twitter-bootstrap3
Version        : 3.4.1+dfsg-2+deb11u1
CVE ID         : CVE-2024-6484 CVE-2024-6485
Debian Bug     : 1084060

Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework, was affected by XSS vulnerabilities.

If you use bootstrap through a module bundler, you may need to rebuild your application.

For Debian 11 bullseye, these problems have been fixed in version 3.4.1+dfsg-2+deb11u1.

We recommend that you upgrade your twitter-bootstrap3 packages.

For the detailed security status of twitter-bootstrap3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/twitter-bootstrap3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Enhance your Debian bootstrap3 libraries to resolve severe XSS vulnerabilities and maintain the integrity of web applications.

Keywords: Debian LTS, Bootstrap Framework, XSS Issues.

Severity: Critical. LinuxSecurity.com Team

Apr 13, 2025 Critical Debian LTS

Debian LTS: DLA-4007-1 python-tornado critical redirect issue

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4007-1
https://www.debian.org/lts/security/                       Daniel Leidert
January 01, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-tornado
Version        : 6.1.0-1+deb11u1
CVE ID         : CVE-2023-28370 CVE-2024-52804
Debian Bug     : 1036875 1088112

Tornado is a scalable, non-blocking Python web framework and asynchronous networking library.

CVE-2023-28370

    An open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.

CVE-2024-52804

    The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

For Debian 11 bullseye, these problems have been fixed in version 6.1.0-1+deb11u1.

We recommend that you upgrade your python-tornado packages.

For the detailed security status of python-tornado please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/python-tornado

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-4008-2 releases updates for python-flask that mitigate potential security issues and weaknesses in the application.

Keywords: python tornado security, debian updates, webframework vulnerabilities.

Severity: Critical. LinuxSecurity.com Team

Jan 01, 2025 Critical Debian LTS

Fedora 37: 2023-e72bf7b92e Moderate: rust-axum Web Framework Update

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-e72bf7b92e
2023-10-03 00:43:11.265398
--------------------------------------------------------------------------------

Name        : rust-axum
Product     : Fedora 37
Version     : 0.6.20
Release     : 1.fc37
URL         :
Summary     : Web framework that focuses on ergonomics and modularity
Description :
Web framework that focuses on ergonomics and modularity.

--------------------------------------------------------------------------------
Update Information:

- Update the axum crate to version 0.6.20.
- Update the tokio-tungstenite crate to version 0.20.1.
- Update the tungstenite crate to version 0.20.1.
- Port warp from tungstenite v0.18 to v0.20.

Version 0.20.1 of the tungstenite crate includes a fix for CVE-2023-43669. No dependent applications need to be rebuilt since none of them use the WebSocket functionality of axum or warp.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 24 2023 Fabio Valentini - 0.6.20-1
- Update to version 0.6.20; Fixes RHBZ#2230184
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-e72bf7b92e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The recent Fedora release featuring the rust-axum package resolves CVE-2023-43669, alongside enhancements to various dependencies.

Keywords: Fedora Update, rust-axum, cve fix, web framework, dependency updates.

LinuxSecurity.com Team

Oct 03, 2023 Fedora

Fedora 39: 2023-91a66898d2 Moderate: rust-axum Software Update

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-91a66898d2
2023-09-29 00:18:30.090040
--------------------------------------------------------------------------------

Name        : rust-axum
Product     : Fedora 39
Version     : 0.6.20
Release     : 1.fc39
URL         :
Summary     : Web framework that focuses on ergonomics and modularity
Description :
Web framework that focuses on ergonomics and modularity.

--------------------------------------------------------------------------------
Update Information:

- Update the axum crate to version 0.6.20.
- Update the tokio-tungstenite crate to version 0.20.1.
- Update the tungstenite crate to version 0.20.1.
- Port warp from tungstenite v0.18 to v0.20.

Version 0.20.1 of the tungstenite crate includes a fix for CVE-2023-43669. No dependent applications need to be rebuilt since none of them use the WebSocket functionality of axum or warp.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 24 2023 Fabio Valentini - 0.6.20-1
- Update to version 0.6.20; Fixes RHBZ#2230184
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-91a66898d2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora Patch for rust-axum: Upgrade packages and address security vulnerabilities promptly to enhance system stability and safety.

Keywords: rust-axum, crate upgrade, software enhancement.

LinuxSecurity.com Team

Sep 29, 2023 Fedora