Explore top 10 tips to secure your open-source projects now. Read More
×Too many changes to list. See: https://github.com/domoticz/domoticz/blob/2026.1/History.txt This also fixes a security vulnerability.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-627f2db2b7 2026-04-04 01:02:26.879212+00:00 -------------------------------------------------------------------------------- Name : domoticz Product : Fedora 42 Version : 2026.1 Release : 1.fc42 URL : http://www.domoticz.com Summary : Open source Home Automation System Description : Domoticz is a Home Automation System that lets you monitor and configure various devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to any mobile device -------------------------------------------------------------------------------- Update Information: Too many changes to list. See: https://github.com/domoticz/domoticz/blob/2026.1/History.txt This also fixes a security vulnerability. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 25 2026 Michael Cronenworth - 2026.1-1 - New stable release * Sun Mar 22 2026 Bjrn Esser - 2025.2-6 - Rebuild (jsoncpp) * Fri Feb 27 2026 Tom Callaway - 2025.2-5 - rebuild for lua 5.5 * Fri Jan 16 2026 Fedora Release Engineering - 2025.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2025.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Wed Jan 14 2026 Michael Cronenworth - 2025.2-2 - Rebuilt for Boost 1.90 * Thu Jan 8 2026 Michael Cronenworth - 2025.2-1 - New stable release * Fri Sep 19 2025 Python Maint - 2025.1-4 - Rebuilt for Python 3.14.0rc3 bytecode * Fri Aug 15 2025 Python Maint - 2025.1-3 - Rebuilt for Python 3.14.0rc2 bytecode * Wed Jul 23 2025 Fedora Release Engineering - 2025.1-2 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2451138 - domoticz-2026.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451138 [ 2 ] Bug #2451506 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2451506 [ 3 ] Bug #2451508 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2451508 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-627f2db2b7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Stay updated on Fedora 42 Domoticz critical XSS fix with security advisory 2026-627f2db2b7 addressing risks.. Domoticz Patch, Fedora Security, XSS Threat, Home Automation Update, Critical Security Fix. . Severity: Important. LinuxSecurity.com Team
Too many changes to list. See: https://github.com/domoticz/domoticz/blob/2026.1/History.txt This also fixes a security vulnerability.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-45d8852ca3 2026-04-04 00:48:12.438594+00:00 -------------------------------------------------------------------------------- Name : domoticz Product : Fedora 43 Version : 2026.1 Release : 1.fc43 URL : http://www.domoticz.com Summary : Open source Home Automation System Description : Domoticz is a Home Automation System that lets you monitor and configure various devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to any mobile device -------------------------------------------------------------------------------- Update Information: Too many changes to list. See: https://github.com/domoticz/domoticz/blob/2026.1/History.txt This also fixes a security vulnerability. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 25 2026 Michael Cronenworth - 2026.1-1 - New stable release * Sun Mar 22 2026 Bjrn Esser - 2025.2-6 - Rebuild (jsoncpp) * Fri Feb 27 2026 Tom Callaway - 2025.2-5 - rebuild for lua 5.5 * Fri Jan 16 2026 Fedora Release Engineering - 2025.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2025.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Wed Jan 14 2026 Michael Cronenworth - 2025.2-2 - Rebuilt for Boost 1.90 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2451138 - domoticz-2026.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451138 [ 2 ] Bug #2451507 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2451507 [ 3 ] Bug #2451509 - CVE-2026-1001 domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2451509 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-45d8852ca3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update fixes critical vulnerability in Fedora 43 Domoticz, addressing arbitrary script execution in web interface.. Domoticz Update, Fedora Security, Script Execution Risk, Cross-Site Scripting. . Severity: Critical. LinuxSecurity.com Team
A cross-site scripting vulnerability was discovered in hgweb, the integrated stand-alone web interface of the Mercurial version control system. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4094-1
Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5862-1
phpMyAdmin 5.2.2 is released Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below. fix possible security issue in sql-parser which could cause long execution times. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4b8ab3834c 2025-01-31 03:06:46.144908+00:00 -------------------------------------------------------------------------------- Name : phpMyAdmin Product : Fedora 41 Version : 5.2.2 Release : 1.fc41 URL : https://www.phpmyadmin.net/ Summary : A web interface for MySQL and MariaDB Description : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 50 languages -------------------------------------------------------------------------------- Update Information: phpMyAdmin 5.2.2 is released Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below. fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög) fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird) fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela) fix possible security issue with library code slim/psr7 (CVE-2023-30536) fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3) fix a full path disclosure in the Monitoring tab issue #18268 Fix UI issue the theme manager is disabled issue Allow opening server breadcrumb links in new tab withCtrl/Meta key issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling issue #18106 Fix renaming database with a view issue #18120 Fix bug with numerical tables during renaming database issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0 issue #18258 Speed improvements when exporting a database issue #18769 Improved collations support for MariaDB 10.10 There are many, many more fixes that you can see in the ChangeLog file included with this release or online -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 22 2025 Remi Collet - 5.2.2-1 - update to 5.2.2 (2025-01-21, security and bugfix release) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327066 - CVE-2023-44270 phpMyAdmin: Improper input validation in PostCSS [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2327066 [ 2 ] Bug #2331110 - CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2331110 [ 3 ] Bug #2334300 - CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334300 [ 4 ] Bug #2334303 - CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334303 [ 5 ] Bug #2334305 - CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334305 [ 6 ] Bug #2334346 - CVE-2024-56527 phpMyAdmin: Error function lacks an htmlspecialchars call for the error message. [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2334346 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4b8ab3834c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . The latest release of phpMyAdmin 5.2.2 in Fedora 41 comes with essential security updates that target several vulnerabilities.. phpMyAdmin Update, Fedora Security, Web Application Updates, PHP Security Risks. . Severity: Critical. LinuxSecurity.com Team
A flaw was found in Sympaâs web interface, a modern mailing list manager. An attacker may bypass authentication by using an arbitrary e-mail address when the generic SSO loging feature was enabled. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4027-1
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for qbittorrent ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0358-1 Rating: moderate References: #1232731 Cross-References: CVE-2024-51774 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for qbittorrent fixes the following issues: - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774) Added features: * Add "Simple pread/pwrite" disk IO type Bug fixes: * Don't ignore SSL errors (boo#1232731 CVE-2024-51774) * Don't try to apply Mark-of-the-Web to nonexistent files * Disable "Move to trash" option by default * Disable the ability to create torrents with a piece size of 256MiB * Allow to choose Qt style * Always notify user about duplicate torrent * Correctly handle "torrent finished after move" event * Correctly apply filename filter when `!qB` extension is enabled * Improve color scheme change detection * Fix button state for SSL certificate check Web UI: * Fix CSS that results in hidden torrent list in some browsers * Use proper text color to highlight items in all filter lists * Fix 'rename files' dialog cannot be opened more than once * Fix UI of Advanced Settings to show all settings * Free resources allocated by web session once it is destructed Search: * Import correct libraries Other changes: * Sync flag icons with upstream Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-358=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64): qbittorrent-5.0.1-bp156.3.6.1 qbittorrent-nox-5.0.1-bp156.3.6.1 References: https://www.suse.com/security/cve/CVE-2024-51774.html https://bugzilla.suse.com/1232731 . OpenSUSE has released a security update for qbittorrent, addressing several moderate vulnerabilities, while improving the functionality of the web interface and resolving various bugs.. openSUSE patch, qbittorrent update, software security fix. . LinuxSecurity.com Team
The GUI portion of Piranha may allow any remote attacker to execute commands on the server. . -----BEGIN PGP SIGNED MESSAGE------ --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Piranha web GUI exposure Advisory ID: RHSA-2000:014-16 Issue date: 2000-04-18 Updated on: 2000-04-26 Product: Red Hat Linux Keywords: piranha Cross references: php - ---------------------------------------------------------------------1. Topic: The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may allow a remote attacker to launch additional exploits against a web site from inside the web server. This is an updated release that disables Piranha's web GUI interface unless the site administrator enables it explicitly. 2. Relevant releases/architectures: Red Hat Linux 6.2 - i386 alpha sparc 3. Problem description: When Piranha is installed, it generates a 'secure' web interface ID using the HTML .htaccess method. The information for the account is placed in /home/httpd/html/piranha/secure/passwords which was supposed to be released with a blank password. Unfortunately, the password that is actually on the CD is 'Q'. The original intent was that, when the administrator installed Piranha rpms onto their box, that they would change the default blank password to a password of their own choosing. This is not a hidden account. Its only use is to protect the web pages from unauthorized access. The security problem arises from the file. It is possible to execute commands by entering 'blah;some-command' into the password fields. Everything after the semicolon is executed with the same privilege as the webserver. Because of this, it is possible to compromise the webserver or do serious damage to files on the site that are owned by the user 'nobody' or to export a shell using xterm. Updated piranha packagesreleased as version 0.14.3-1 fixed the security vulnerability while still require for the default behavior of requiring the web administrator to reset the password before making the web site public. Because of the security concerns from the community and in order to protect innocent administrators that might not be aware of the need to change the password for Piranha's interface before going live on the Internet, Red Hat is releasing a new set of packages that disable the piranha web interface by default. The site administrator will have to enable the service from the command line by resetting the password as detailed on the main page of the piranha utility. The new packages that include these changes are known as version piranha-0.4.14-1. Users of Red Hat Linux 6.2 are strongly encouraged to upgrade to the new packages if they are actively using piranha on their system (upgrade instructions follow) or to remove the piranha-gui package altogether by issuing the following command: rpm -e piranha-gui 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. When you install the update for the piranha-gui, please take a moment to review the instructions presented on the following URL (). This should guide you through the process of installing a password for use with the GUI. 5. Bug IDs fixed ( for more info): N/A 6. Obsoleted by: N/A 7. Conflicts with: N/A 8. RPMs required: Red Hat Linux 6.2: intel: alpha: sparc: sources: 9. Verification: MD5 sum Package Name - --------------------------------------------------------------------------7c9cad243857f3e90cb73457619ad3a0 6.2/SRPMS/piranha-0.4.14-1.src.rpm 179e502f88f149fe3bfb285af851a6d3 6.2/alpha/piranha-0.4.14-1.alpha.rpm 881622bc6403c2af38834c0deaf05d44 6.2/alpha/piranha-docs-0.4.14-1.alpha.rpm 7ffc63ec6f236afc0b19298ec29e6774 6.2/alpha/piranha-gui-0.4.14-1.alpha.rpm 1e04357c0ebb004185b834152667c644 6.2/i386/piranha-0.4.14-1.i386.rpm 5b6649f14979e1b2fbdb763d88e9a3ac 6.2/i386/piranha-docs-0.4.14-1.i386.rpm 1a49816f280dc7a9b83ba9bab42a247f 6.2/i386/piranha-gui-0.4.14-1.i386.rpm 4153b861f030a17745463c1749732b58 6.2/sparc/piranha-0.4.14-1.sparc.rpm dc964993d9a3b6c967e5c4455bc24221 6.2/sparc/piranha-docs-0.4.14-1.sparc.rpm 97071e07e2f34fecf80ba48f61e70ba6 6.2/sparc/piranha-gui-0.4.14-1.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 10. References: This vulnerability was discovered and researched by Allen Wilson and Dan Ingevaldson of Internet Security Systems. Red Hat would like to thank ISS for the assistance in getting this problem fixed quickly. Cristian - --- ----------------------------------------------------------------------Cristian Gafton --
Get the latest Linux and open source security news straight to your inbox.