Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Debian: DLA-3435-1 Moderate: Rainloop XSS Security Issues

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3435-1
https://www.debian.org/lts/security/
Guilhem Moulin
May 28, 2023
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : rainloop
Version    : 1.12.1-2+deb10u1
CVE ID     : CVE-2019-13389 CVE-2022-29360
Debian Bug : 1004548

Cross-site scripting (XSS) vulnerabilities were found in rainloop, a
web-based email client, which could lead to information disclosure
including passphrase leak.

CVE-2019-13389

    It was discovered that RainLoop Webmail lacked XSS protection
    mechanisms such as xlink:href validation, the X-XSS-Protection
    header, and the Content-Security-Policy header.

CVE-2022-29360

    Simon Scannell discovered that RainLoop's Email Viewer allows XSS
    via a crafted text/html email message.

For Debian 10 buster, these problems have been fixed in version
1.12.1-2+deb10u1.

We recommend that you upgrade your rainloop packages.

For the detailed security status of rainloop please refer to its
security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Ubuntu LTS Advisory USA-4820-1 highlights vulnerabilities in rainloop's security features and urges users to apply patches.

rainloop security, XSS issues, Debian advisory, web client security.

LinuxSecurity.com Team

May 27, 2023 Debian LTS

Fedora 26: FEDORA-2017-1560290881 Moderate: Roundcube File Disclosure Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-1560290881
2017-11-19 22:25:37.444141
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 26
Version     : 1.3.3
Release     : 1.fc26
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you
expect from an e-mail client, including MIME support, address book,
folder manipulation, message searching and spell checking. RoundCube
Webmail is written in PHP and requires a database: MySQL, PostgreSQL
and SQLite are known to work. The user interface is fully skinnable
using XHTML and CSS 2.

--------------------------------------------------------------------------------
Update Information:

Upstream announcement for **version 1.3.3**

This is a security update to the stable version 1.3. It primarily fixes
a recently discovered file disclosure vulnerability caused by
insufficient input validation in conjunction with file-based attachment
plugins, which are used by default. More details will be published
under CVE-2017-16651. We strongly recommend to update all productive
installations of Roundcube. Please do backup your data before updating!

**Changelog**

- Fix decoding of mailto: links with + character in HTML messages (#6020)
- Fix false reporting of failed upgrade in installto.sh (#6019)
- Fix file disclosure vulnerability caused by insufficient input validation **CVE-2017-16651** (#6026)
- Fix mangled non-ASCII characters in links in HTML messages (#6028)

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade roundcubemail' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details
on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

A security patch for Fedora 26's Roundcube addresses a vulnerability related to file exposure. Users are strongly advised to upgrade without delay.

Fedora 26, Roundcube Update, Email Client Security.

LinuxSecurity.com Team

Nov 19, 2017 Fedora

Fedora 25: 2017-f85c37ae3d moderate: Squirrelmail Insufficient Escaping

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-f85c37ae3d
2017-06-02 17:35:06.903270
--------------------------------------------------------------------------------

Name        : squirrelmail
Product     : Fedora 25
Version     : 1.4.22
Release     : 19.fc25
URL         : https://www.squirrelmail.org/
Summary     : webmail client written in php
Description :
SquirrelMail is a basic webmail package written in PHP4. It includes
built-in pure PHP support for the IMAP and SMTP protocols, and all
pages render in pure HTML 4.0 (with no JavaScript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install.

--------------------------------------------------------------------------------
Update Information:

fix insufficient escaping of user-supplied data (CVE-2017-7692)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1445165 - CVE-2017-7692 squirrelmail: Insufficient escaping of user-supplied data
        https://bugzilla.redhat.com/show_bug.cgi?id=1445165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade squirrelmail' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details
on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Addresses a vulnerability related to inadequate escaping in SquirrelMail for Fedora 25. Implemented improvements to bolster security measures.

Fedora Updates, Squirrelmail Security, PHP Webmail Protection.

LinuxSecurity.com Team

Jun 03, 2017 Fedora

Fedora 23 Roundcubemail Security Advisory: Critical XSS and CSRF Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-69eb7f9fb2
2016-04-30 18:27:34.312285
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 23
Version     : 1.1.5
Release     : 1.fc23
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you
expect from an e-mail client, including MIME support, address book,
folder manipulation, message searching and spell checking. RoundCube
Webmail is written in PHP and requires a database: MySQL, PostgreSQL
and SQLite are known to work. The user interface is fully skinnable
using XHTML and CSS 2.

--------------------------------------------------------------------------------
Update Information:

**Release 1.1.5**

* Plugin API: Added html2text hook
* Plugin API: Added addressbook_export hook
* Fix missing emoticons on html-to-text conversion
* Fix random "access to this resource is secured against CSRF" message at logout (#4956)
* Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
* Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
* Fix XSS issue in SVG images handling (#4949)
* Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) (#4958)
* Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
* Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
* Hide DSN option in Preferences when smtp_server is not used (#4967)
* Protect download urls against CSRF using unique request tokens (#4957)
* newmail_notifier Plugin: Refactored desktop notifications
* Fix so contactlist_fields option can be set via config file
* Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
* Fix performance in reverting order of THREAD result
* Fix converting mail addresses with www. into mailto links (#5197)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1330084 - CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9
        https://bugzilla.redhat.com/show_bug.cgi?id=1330084
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details
on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 23 Roundcube Mail security patch addresses flaws and enhances plugin API capabilities, critical for webmail protection.

Roundcube, Fedora 23, Email Security, CSRF Protection, XSS Fixes.

Severity: Critical.

LinuxSecurity.com Team

Apr 30, 2016 Critical Fedora

Fedora: FEDORA-2006-134 Moderate: SquirrelMail Language Support Issue

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-134
2006-03-06
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : squirrelmail
Version     : 1.4.6
Release     : 3.fc4
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

Nicholas Mailhot discovered that the previous squirrelmail update broke
several non-English languages. This update fixes that issue.
---------------------------------------------------------------------
* Fri Mar 3 2006 Warren Togami 1.4.6-3
- Fix regex in doc mangling (#183943 Michal Jaegermann)

* Fri Mar 3 2006 David Woodhouse 1.4.6-2
- Add a %build section, move the file mangling to it. (#162852 Nicolas Mailhot)

---------------------------------------------------------------------
This update can be downloaded from:

c1959843c6096ad6925869e5b07f944395c2ad18  SRPMS/squirrelmail-1.4.6-3.fc4.src.rpm
d1d37a5dd0f4646e73d657921b77ea810f5c130d  ppc/squirrelmail-1.4.6-3.fc4.noarch.rpm
d1d37a5dd0f4646e73d657921b77ea810f5c130d  x86_64/squirrelmail-1.4.6-3.fc4.noarch.rpm
d1d37a5dd0f4646e73d657921b77ea810f5c130d  i386/squirrelmail-1.4.6-3.fc4.noarch.rpm

This update can be installed with the 'yum' update program. Use
'yum update package-name' at the command line. For more information,
refer to 'Managing Software with yum,' available at .
---------------------------------------------------------------------

The most recent Fedora Core 4 patch for SquirrelMail addresses previous language compatibility problems, enhancing user experience across various locales.

SquirrelMail Fix, Fedora Security Update, Language Support, PHP Webmail.

Severity: Important.

LinuxSecurity.com Team

Mar 06, 2006 Important Fedora

Fedora Core 2 FEDORA-2005-259 Critical: SquirrelMail Upgrade Issues

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-259
2005-03-28
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : squirrelmail
Version     : 1.4.4
Release     : 1.FC2
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

Multiple issues in squirrelmail (CAN-2005-0104)
Upgrade to 1.4.4
---------------------------------------------------------------------
* Thu Jan 27 2005 Warren Togami 1.4.4-2
- 1.4.4
- re-include translations and Provide squirrelmail-i18n
  better compatible with upstream, but we cannot split sub-package
  due to support of existing distributions
- remove unnecessary .po files

---------------------------------------------------------------------
This update can be downloaded from:

a238db60bcad582241e36e125eb2888a  SRPMS/squirrelmail-1.4.4-1.FC2.src.rpm
196e34e86ad654beb1f44462c6148e99  x86_64/squirrelmail-1.4.4-1.FC2.noarch.rpm
196e34e86ad654beb1f44462c6148e99  i386/squirrelmail-1.4.4-1.FC2.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Various bugs addressed in squirrelmail following the upgrade to version 1.4.4 for Fedora Core 2 users. Upgrade immediately!

squirrelmail, webmail issues, Fedora update.

Severity: Critical.

LinuxSecurity.com Team

Mar 28, 2005 Critical Fedora

Debian GNU/Linux 3.1: 2005-290 Critical: Roundcube Update to 0.1.2

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-260
2005-03-28
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : squirrelmail
Version     : 1.4.4
Release     : 1.FC3
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

Multiple issues in squirrelmail (CAN-2005-0104)
Upgrade to 1.4.4
---------------------------------------------------------------------
* Thu Jan 27 2005 Warren Togami 1.4.4-2
- 1.4.4
- re-include translations and Provide squirrelmail-i18n
  better compatible with upstream, but we cannot split sub-package
  due to support of existing distributions
- remove unnecessary .po files

---------------------------------------------------------------------
This update can be downloaded from:

b62f0fe0b26a125239e4897a1aef60d8  SRPMS/squirrelmail-1.4.4-1.FC3.src.rpm
4df4db9e6f9b4278615c5d6189427f7a  x86_64/squirrelmail-1.4.4-1.FC3.noarch.rpm
4df4db9e6f9b4278615c5d6189427f7a  i386/squirrelmail-1.4.4-1.FC3.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Fedora Core 3 has released a new update resolving several vulnerabilities in squirrelmail, advising users to upgrade to version 1.4.4 to enhance security.

Fedora Core 3, SquirrelMail Upgrade, Webmail Security, PHP Mail Client.

Severity: Critical.

LinuxSecurity.com Team

Mar 28, 2005 Critical Fedora

Fedora Core 3 FEDORA-2004-472 Moderate: XSS Vulnerability in SquirrelMail

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-472
2004-11-28
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : squirrelmail
Version     : 1.4.3a
Release     : 6.FC3
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
* Fri Nov 19 2004 Warren Togami 1.4.3a-6.FC3
- FC3

* Fri Nov 19 2004 Warren Togami 1.4.3a-7
- CAN-2004-1036 Cross Site Scripting in encoded text
- #112769 updated splash screens

---------------------------------------------------------------------
This update can be downloaded from:

f3214fb13b71f13ac46fe6c440c09ad4  SRPMS/squirrelmail-1.4.3a-6.FC3.src.rpm
e0ff639d45092e5c1130c35b0dd6fbea  x86_64/squirrelmail-1.4.3a-6.FC3.noarch.rpm
e0ff639d45092e5c1130c35b0dd6fbea  i386/squirrelmail-1.4.3a-6.FC3.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Enhance SquirrelMail security on Fedora Core 3 by backing up, updating to the latest version, testing functionality, and applying system updates for safety.

Fedora, SquirrelMail Update, Cross Site Scripting.

LinuxSecurity.com Team

Nov 28, 2004 Fedora