Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 4 articles for you...
91

Gentoo: GLSA-202402-31 Critical: Glances Remote Code Exec Flaw Found

A vulnerability has been found in Glances which may lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Glances: Arbitrary Code Execution Date: February 26, 2024 Bugs: #791565 ID: 202402-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been found in Glances which may lead to arbitrary code execution. Background ========== Glances is an open-source system cross-platform monitoring tool. It allows real-time monitoring of various aspects of your system such as CPU, memory, disk, network usage etc. Affected packages ================= Package Vulnerable Unaffected ------------------- ------------ ------------ sys-process/glances < 3.1.7 > = 3.1.7 Description =========== A vulnerability in XML parsing may lead to a variety of XML attacks. Impact ====== A vulnerability in XML parsing may lead to a variety of XML attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All Glances users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-process/glances-3.1.7" References ========== Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-30 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bugat https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Linux Alert GLSA 202402-31 highlights a security vulnerability in Glances leading to potential arbitrary code execution. Updating is advised.. Gentoo Linux, Glances, Code Execution Risk, Security Advisory. . LinuxSecurity.com Team

Calendar%202 Feb 26, 2024 Gentoo
87

Debian: DSA-5066-1 Critical: Ruby2.5 Severe XML Attack & DoS

Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5066-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby2.5 CVE ID : CVE-2021-28965 CVE-2021-31799 CVE-2021-31810 CVE-2021-41817 CVE-2021-41819 CVE-2021-32066 Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service. For the oldstable distribution (buster), these problems have been fixed in version 2.5.5-3+deb10u4. We recommend that you upgrade your ruby2.5 packages. For the detailed security status of ruby2.5 please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Update ruby2.5 to address vulnerabilities such as XML injection, arbitrary code execution, and unauthorized data exposure.. Debian Security,Ruby Security,DoS Protection,XML Attacks. . LinuxSecurity.com Team

Calendar%202 Feb 03, 2022 Debian
172

Ubuntu 20.04 USN-4922-2 Moderate Warning: Ruby XML Security Patch

Ruby incorrectly handled XML documents.. =========================================================================Ubuntu Security Notice USN-4922-2 April 26, 2021 ruby2.7 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 Summary: Ruby incorrectly handled XML documents. Software Description: - ruby2.7: Object-oriented scripting language Details: USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Original advisory details: Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04: libruby2.7 2.7.2-4ubuntu1.1 ruby2.7 2.7.2-4ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4922-2 https://ubuntu.com/security/notices/USN-4922-1 CVE-2021-28965 Package Information: https://launchpad.net/ubuntu/+source/ruby2.7/2.7.2-4ubuntu1.1 . Python improperly processes JSON files exposing users to possible vulnerabilities. Upgrade Fedora to counter online exploitation risks.. ruby XML Security, Ubuntu Updates, Ruby Threats. . LinuxSecurity.com Team

Calendar%202 Apr 26, 2021 Ubuntu
203

Mageia 7: 2021-0133 Moderate: Quartz Scheduler XXE Issue

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990). References: . MGASA-2021-0133 - Updated quartz packages fix a security vulnerability Publication date: 14 Mar 2021 URL: https://advisories.mageia.org/MGASA-2021-0133.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-13990 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990). References: - https://bugs.mageia.org/show_bug.cgi?id=26481 - https://lists.suse.com/pipermail/sle-security-updates/2020-April/006708.html - https://www.cve.org/CVERecord?id=CVE-2019-13990 SRPMS: - 7/core/quartz-2.2.1-9.1.mga7 . Fedora 2021-0325 addresses critical vulnerabilities with the release of new patches. Release date: 22 Apr 2021.. Quartz Security Fix, Mageia Update, XML Scheduling Vulnerability. . LinuxSecurity.com Team

Calendar%202 Mar 14, 2021 Mageia
89

Fedora 32: FEDORA-2021-1d8254899c Critical: jackson-databind XML Attack

Update to version 2.10.5.1. Resolves CVE-2020-25649.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-1d8254899c 2021-02-10 01:29:03.465586 --------------------------------------------------------------------------------Name : jackson-databind Product : Fedora 32 Version : 2.10.5.1 Release : 1.fc32 URL : https://github.com/FasterXML/jackson-databind Summary : General data-binding package for Jackson (2.x) Description : The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. --------------------------------------------------------------------------------Update Information: Update to version 2.10.5.1. Resolves CVE-2020-25649. --------------------------------------------------------------------------------ChangeLog: * Mon Feb 1 2021 Fabio Valentini - 2.10.5.1-1 - Update to version 2.10.5.1. --------------------------------------------------------------------------------References: [ 1 ] Bug #1887779 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1887779 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-1d8254899c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . New version launched for jackson-databind in Fedora 32, addressing the XML external entity vulnerability CVE-2020-25649.. Fedora Update, Jackson Databind Fix, Security Patch. . LinuxSecurity.com Team

Calendar%202 Feb 09, 2021 Fedora
100

SUSE: 2020:1009-1 Moderate: Quartz XML External Entity Fix

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for quartz ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1009-1 Rating: moderate References: #1143227 Cross-References: CVE-2019-13990 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for quartz fixes the following issues: - CVE-2019-13990: Fixed XML External Entity attack in initDocumentParser (bsc#1143227). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-1009=1 Package List: - SUSE Manager Server 3.2 (noarch): quartz-2.3.0-14.3.1 References: https://www.suse.com/security/cve/CVE-2019-13990.html https://bugzilla.suse.com/1143227 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . SUSE Security Patch for quartz addresses a significant vulnerability related to XML External Entity exploitation. Detailed guidance provided.. SUSE Manager, Security Update, XML Attack, Patch Instructions, Quartz. . LinuxSecurity.com Team

Calendar%202 Apr 16, 2020 SuSE
89

Fedora: 2019-88f53a7433 Critical: Pdfbox XML Attack and DoS Issues

Update to 2.0.16. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-88f53a7433 2019-09-14 16:29:06.039336 --------------------------------------------------------------------------------Name : pdfbox Product : Fedora 31 Version : 2.0.16 Release : 1.fc31 URL : https://pdfbox.apache.org/ Summary : Apache PDFBox library for working with PDF documents Description : Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is published under the Apache License v2.0. --------------------------------------------------------------------------------Update Information: Update to 2.0.16 --------------------------------------------------------------------------------References: [ 1 ] Bug #1699742 - CVE-2019-0228 pdfbox: XML External Entity (XXE) attacks via a crafted XFDF [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1699742 [ 2 ] Bug #1637494 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1637494 [ 3 ] Bug #1597491 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1597491 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-88f53a7433' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Upgrading to Apache PDFBox 2.0.16 addresses significant security issues found in the Fedora 31 operating system.. Pdfbox Security Update,Fedora 31 PDFBox,Open Source PDF Library. . LinuxSecurity.com Team

Calendar%202 Sep 14, 2019 Fedora
89

Debian 10: DEBIAN-2019-8c5d4b1528 Critical: Ghostscript Security Flaw

Update to 2.0.16. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-9e91afa2be 2019-09-09 07:33:00.555973 --------------------------------------------------------------------------------Name : pdfbox Product : Fedora 30 Version : 2.0.16 Release : 1.fc30 URL : https://pdfbox.apache.org/ Summary : Apache PDFBox library for working with PDF documents Description : Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is published under the Apache License v2.0. --------------------------------------------------------------------------------Update Information: Update to 2.0.16 --------------------------------------------------------------------------------ChangeLog: * Sat Aug 31 2019 Orion Poplawski - 2.0.16-1 - Update to 2.0.16 (CVE-2018-8036, CVE-2018-11797, CVE-2019-0228) * Fri Jul 26 2019 Fedora Release Engineering - 2.0.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1699742 - CVE-2019-0228 pdfbox: XML External Entity (XXE) attacks via a crafted XFDF [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1699742 [ 2 ] Bug #1637494 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1637494 [ 3 ] Bug #1597491 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1597491 --------------------------------------------------------------------------------This update can be installed with the"dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-9e91afa2be' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The update for pdfbox 2.0.16 in Fedora 30 addresses multiple security issues that could potentially impact users.. Fedora PDFBox Update, Apache PDFBox, Security Issues, PDF Document Management. . LinuxSecurity.com Team

Calendar%202 Sep 09, 2019 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200