Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 14 articles for you...
172

Ubuntu 22.04 LTS USN-6550-1 moderate: postfixadmin denial of service

Several security issues were fixed in PostfixAdmin.. ========================================================================== Ubuntu Security Notice USN-6550-1 December 12, 2023 postfixadmin vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in PostfixAdmin. Software Description: - postfixadmin: Virtual mail hosting interface for Postfix Details: It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2022-29221) It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31129) It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly escaping JavaScript code. An attacker could possibly use this issue to conduct cross-site scripting attacks (XSS). (CVE-2023-28447) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS (Available with Ubuntu Pro): postfixadmin 3.3.10-2ubuntu0.1~esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): postfixadmin 3.2.1-3ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): postfixadmin 3.0.2-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6550-1 CVE-2022-29221, CVE-2022-31129, CVE-2023-28447 . Ubuntu Security Advisory USN-6571-1addresses security flaws found in Phabricator affecting several Ubuntu releases.. PostfixAdmin Security, Denial of Service Threats, XSS Attacks. . LinuxSecurity.com Team

Calendar%202 Dec 12, 2023 Ubuntu
197

Debian DLA-3225-1 Moderate: AWStats XSS Issue and Mitigation

AWStats, a powerful and featureful web server log analyzer, allowed XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3225-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta December 05, 2022 https://wiki.debian.org/LTS - ----------------------------------------------------------------------- Package : awstats Version : 7.6+dfsg-2+deb10u2 CVE ID : CVE-2022-46391 Debian Bug : 1025410 AWStats, a powerful and featureful web server log analyzer, allowed XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. For Debian 10 buster, this problem has been fixed in version 7.6+dfsg-2+deb10u2. We recommend that you upgrade your awstats packages. For the detailed security status of awstats please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/awstats Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Notice DLA-3226-2 addresses CSRF vulnerabilities in the Joomla plugin; users are advised to update for improved safety.. AWStats Update, Debian Security, Web Server Logging, XSS Mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 05, 2022 Important Debian LTS
197

Debian 10: DLA-3074-1 High: Epiphany Browser XSS Threats

Several issues were discovered in Epiphany, the GNOME web browser, allowing XSS attacks by malicious websites, or memory corruption and application crash by a page with a very long title. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3074-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 18, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : epiphany-browser Version : 3.32.1.2-3~deb10u2 CVE ID : CVE-2021-45085 CVE-2021-45087 CVE-2021-45088 CVE-2022-29536 Debian Bug : 1009959 Several issues were discovered in Epiphany, the GNOME web browser, allowing XSS attacks by malicious websites, or memory corruption and application crash by a page with a very long title. For Debian 10 buster, these problems have been fixed in version 3.32.1.2-3~deb10u2. We recommend that you upgrade your epiphany-browser packages. For the detailed security status of epiphany-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/epiphany-browser Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Latest Epiphany browser upgrade tackles XSS vulnerabilities and memory leaks, enhancing security for Ubuntu users against potential risks.. Debian LTS, Epiphany Security, Browser Update. . LinuxSecurity.com Team

Calendar%202 Aug 18, 2022 Debian LTS
172

Ubuntu 20.04 LTS USN-5552-1 Critical: phpLiteAdmin XSS Attack

phpLiteAdmin could allow cross-site scripting (XSS) attacks.. =========================================================================Ubuntu Security Notice USN-5552-1 August 08, 2022 phpliteadmin vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: phpLiteAdmin could allow cross-site scripting (XSS) attacks. Software Description: - phpliteadmin: web-based SQLite database admin tool Details: It was discovered that phpLiteAdmin incorrectly handled certain GET requests. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: phpliteadmin 1.9.8.2-1ubuntu0.20.04.1 Ubuntu 18.04 LTS: phpliteadmin 1.9.7.1-1ubuntu0.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5552-1 CVE-2021-46709 Package Information: https://launchpad.net/ubuntu/+source/phpliteadmin/1.9.8.2-1ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/phpliteadmin/1.9.7.1-1ubuntu0.3 . phpLiteAdmin has a vulnerability that exposes it to cross-site scripting (XSS) threats. Ensure your Ubuntu installation is updated to secure your system.. phpLiteAdmin,XSS Attack,Ubuntu Security,Web Application. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 08, 2022 Critical Ubuntu
100

SUSE OpenStack Cloud: 2022:0285-1 Important: Python-Django1 XSS & DoS

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for python-Django1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0285-1 Rating: important References: #1195086 #1195088 Cross-References: CVE-2022-22818 CVE-2022-23833 CVSS scores: CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Django1 fixes the following issues: - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086) - CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-285=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-285=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.29-3.37.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.29-3.37.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.30.1 venv-openstack-cinder-x86_64-13.0.10~dev23-3.33.1 venv-openstack-designate-x86_64-7.0.2~dev2-3.30.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.28.1 venv-openstack-heat-x86_64-11.0.4~dev4-3.30.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.34.2 venv-openstack-ironic-x86_64-11.1.5~dev17-4.28.1 venv-openstack-keystone-x86_64-14.2.1~dev7-3.31.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.30.1 venv-openstack-manila-x86_64-7.4.2~dev60-3.36.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.30.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.32.1 venv-openstack-neutron-x86_64-13.0.8~dev164-6.34.1 venv-openstack-nova-x86_64-18.3.1~dev91-3.34.1 venv-openstack-octavia-x86_64-3.2.3~dev7-4.30.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.30.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.25.1 References: https://www.suse.com/security/cve/CVE-2022-22818.html https://www.suse.com/security/cve/CVE-2022-23833.html https://bugzilla.suse.com/1195086 https://bugzilla.suse.com/1195088 . A critical patch for python-Django1 tackles major security flaws within SUSE OpenStack. Ensure your protection!. Python Django XSS Fix, SUSE OpenStack Security, Denial of Service Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 01, 2022 Important SuSE
87

Debian 11: DSA-5037-1 Critical: Roundcube XSS Threat Mitigated

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5037-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond January 08, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : roundcube CVE ID : CVE-2021-46144 Debian Bug : 1003027 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks. For the oldstable distribution (buster), this problem has been fixed in version 1.3.17+dfsg.1-1~deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 1.4.13+dfsg.1-1~deb11u1. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/roundcube Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . An enhancement patch for Roundcube on Debian tackles XSS vulnerabilities caused by insufficient HTML cleaning. Upgrade is advised.. Debian Security Advisory, Roundcube Update, XSS Threat. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 08, 2022 Critical Debian
172

Ubuntu 20.10 USN-4758-1 Critical: Golang XSS Attack Alert

Go applications could be made to perform XSS attacks.. =========================================================================Ubuntu Security Notice USN-4758-1 March 08, 2021 golang-1.10, golang-1.14 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Go applications could be made to perform XSS attacks. Software Description: - golang-1.14: Go programming language compiler - golang-1.10: Go programming language compiler Details: It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting (XSS) attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: golang-1.14 1.14.7-2ubuntu1.1 golang-1.14-go 1.14.7-2ubuntu1.1 Ubuntu 20.04 LTS: golang-1.14 1.14.3-2ubuntu2~20.04.2 golang-1.14-go 1.14.3-2ubuntu2~20.04.2 Ubuntu 18.04 LTS: golang-1.10 1.10.4-2ubuntu1~18.04.2 golang-1.10-go 1.10.4-2ubuntu1~18.04.2 Ubuntu 16.04 LTS: golang-1.10 1.10.4-2ubuntu1~16.04.2 golang-1.10-go 1.10.4-2ubuntu1~16.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4758-1 CVE-2020-24553 Package Information: https://launchpad.net/ubuntu/+source/golang-1.14/1.14.7-2ubuntu1.1 https://launchpad.net/ubuntu/+source/golang-1.14/1.14.3-2ubuntu2~20.04.2 https://launchpad.net/ubuntu/+source/golang-1.10/1.10.4-2ubuntu1~18.04.2 https://launchpad.net/ubuntu/+source/golang-1.10/1.10.4-2ubuntu1~16.04.2 .Cross-site scripting vulnerability detected in Go programs, highlighted in Ubuntu Security Alert USN-4758-1 with corresponding patches available.. Ubuntu Security,Golang Update,XSS Threat,Security Notice,Go Packages. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 08, 2021 Critical Ubuntu
91

Gentoo: GLSA-202101-35 Normal: phpMyAdmin Multiple XSS Issues

Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-35 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: phpMyAdmin: Multiple vulnerabilities Date: January 27, 2021 Bugs: #747805 ID: 202101-35 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS. Background ========= phpMyAdmin is a web-based management tool for MySQL databases. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/phpmyadmin < 4.9.6:4.9.6 > = 4.9.6:4.9.6 Description ========== Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All phpMyAdmin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-db/phpmyadmin-4.9.6" References ========= [ 1 ] CVE-2020-26934 https://nvd.nist.gov/vuln/detail/CVE-2020-26934 [ 2 ] CVE-2020-26935 https://nvd.nist.gov/vuln/detail/CVE-2020-26935 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-35 Concerns? ======== Security is a primary focus of Gentoo Linux andensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . A critical security notification detailing various weaknesses in phpMyAdmin that affect Gentoo users, necessitating urgent updates.. Gentoo Security, phpMyAdmin Update, XSS Issues, Software Vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jan 27, 2021 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200