Update to 1.5.0, fix CVE-2025-54813, CVE-2025-22838.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1b48c1a920
2025-10-12 01:09:51.211551+00:00
--------------------------------------------------------------------------------

Name        : log4cxx
Product     : Fedora 41
Version     : 1.5.0
Release     : 1.fc41
URL         : https://logging.apache.org/log4cxx/1.5.0/index.html
Summary     : A port to C++ of the Log4j project
Description :
Log4cxx is a popular logging package written in C++. One of its distinctive
features is the notion of inheritance in loggers. Using a logger hierarchy it
is possible to control which log statements are output at arbitrary
granularity. This helps reduce the volume of logged output and minimize the
cost of logging.
--------------------------------------------------------------------------------
Update Information:

Update to 1.5.0, fix CVE-2025-54813, CVE-2025-22838
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  3 2025 Till Hofmann - 1.5.0-1
- Update to 1.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2393061 - CVE-2025-54812 log4cxx: Log4cxx HTMLLayout XSS Vulnerability [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2393061
  [ 2 ] Bug #2393132 - CVE-2025-54813 log4cxx: Log4cxx: Improper JSON Output Neutralization [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2393132
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1b48c1a920' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
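The two log4cxx references above (HTMLLayout XSS and improper JSON output neutralization) are one bug class: a layout that assembles HTML or JSON by string concatenation lets whoever controls a log message also control the surrounding markup or the shape of the record. The Python below is an added illustration written for this page, not log4cxx code (log4cxx itself is C++; Python is used so that all examples on this page share one language). The attacker message is constructed. It places a vulnerable and a hardened version of each layout side by side and adds the two checks a reviewer would run over the rendered output.

```python
import html
import json

# Constructed sample: a message the application logs verbatim while it is
# under attacker control (a username, a User-Agent header, a form field).
# It carries both an HTML payload and a JSON "close the string, add fields"
# payload, so one input exercises both layouts.
ATTACKER_MESSAGE = (
    'login failed for user </td><script>alert(1)</script>'
    '", "level": "INFO", "injected": "'
)


def html_row_unsafe(level: str, message: str) -> str:
    """Vulnerable HTML table-row layout: fields are concatenated raw."""
    return f"<tr><td>{level}</td><td>{message}</td></tr>"


def html_row_safe(level: str, message: str) -> str:
    """Hardened layout: every dynamic field is HTML-escaped before insertion."""
    return (
        f"<tr><td>{html.escape(level, quote=True)}</td>"
        f"<td>{html.escape(message, quote=True)}</td></tr>"
    )


def json_record_unsafe(level: str, message: str) -> str:
    """Vulnerable JSON layout: the record is a hand-built string."""
    return '{"level": "' + level + '", "message": "' + message + '"}'


def json_record_safe(level: str, message: str) -> str:
    """Hardened layout: a JSON serializer quotes and escapes every field."""
    return json.dumps({"level": level, "message": message}, ensure_ascii=False)


_LAYOUT_TAGS = ("<tr>", "</tr>", "<td>", "</td>")


def html_is_neutralized(rendered: str) -> bool:
    """Check: after removing the layout's own fixed tags, no '<' or '>' remains,
    so nothing inside the row can open a new element or attribute."""
    for tag in _LAYOUT_TAGS:
        rendered = rendered.replace(tag, "")
    return "<" not in rendered and ">" not in rendered


def json_is_neutralized(rendered: str, expected_message: str) -> bool:
    """Check: the record parses, has exactly the two intended keys, and the
    message round-trips unchanged (no forged fields, no severity rewrite)."""
    try:
        record = json.loads(rendered)
    except json.JSONDecodeError:
        return False
    return set(record) == {"level", "message"} and record["message"] == expected_message


def forged_level(rendered: str):
    """Return the level a log consumer would read from the record, or None if
    the record does not even parse. For the hand-built record the attacker's
    duplicate "level" key wins, downgrading WARN to INFO."""
    try:
        return json.loads(rendered).get("level")
    except json.JSONDecodeError:
        return None


if __name__ == "__main__":
    for name, fn in (("unsafe", html_row_unsafe), ("safe", html_row_safe)):
        print(f"HTML {name}: neutralized={html_is_neutralized(fn('WARN', ATTACKER_MESSAGE))}")
    for name, fn in (("unsafe", json_record_unsafe), ("safe", json_record_safe)):
        rec = fn("WARN", ATTACKER_MESSAGE)
        print(f"JSON {name}: neutralized={json_is_neutralized(rec, ATTACKER_MESSAGE)} "
              f"level={forged_level(rec)}")
```

The JSON case is the one easily missed in review: the hand-built record still parses, so nothing crashes, but the forged record carries a downgraded severity and an extra field that downstream tooling (SIEM parsers, alerting rules) will trust.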
Version 1.6.8
Managesieve: Protect special scripts in managesieve_kolab_master mode
Fix newmail_notifier notification focus in Chrome (#9467)
Fix fatal error when parsing some TNEF attachments (#9462)
Fix double scrollbar when composing a mail with many plain text lines (#7760).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b60eb661a4
2024-08-15 14:22:26.297565
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 39
Version     : 1.6.8
Release     : 1.fc39
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires a database: MySQL, PostgreSQL and SQLite are
known to work. The user interface is fully skinnable using XHTML and CSS 2.
--------------------------------------------------------------------------------
Update Information:

Version 1.6.8
- Managesieve: Protect special scripts in managesieve_kolab_master mode
- Fix newmail_notifier notification focus in Chrome (#9467)
- Fix fatal error when parsing some TNEF attachments (#9462)
- Fix double scrollbar when composing a mail with many plain text lines (#7760)
- Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
- Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
- Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
- Fix bug where "with attachment" filter could fail on some fts engines (#9514)
- Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
- Fix bug where a long subject title could not be displayed in some cases (#9416)
- Fix infinite loop when parsing malformed Sieve script (#9562)
- Fix bug where imap_conn_option's 'socket' was ignored (#9566)
- Fix XSS vulnerability in post-processing of sanitized HTML content (CVE-2024-42009)
- Fix XSS vulnerability in serving of attachments other than HTML or SVG (CVE-2024-42008)
- Fix information leak (access to remote content) via insufficient CSS filtering (CVE-2024-42010)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  5 2024 Remi Collet - 1.6.8-1
- update to 1.6.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2303070 - CVE-2024-42008 roundcubemail: A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303070
  [ 2 ] Bug #2303075 - CVE-2024-42009 roundcubemail: A Cross-Site Scripting vulnerability in Roundcube [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303075
  [ 3 ] Bug #2303095 - CVE-2024-42010 roundcubemail: information leak due to insufficient CSS filtering [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303095
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b60eb661a4' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Jinja2 could allow cross-site scripting (XSS) attacks.

==========================================================================
Ubuntu Security Notice USN-6787-1
May 28, 2024

jinja2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Jinja2 could allow cross-site scripting (XSS) attacks.

Software Description:
- jinja2: small but fast and easy to use stand-alone template engine

Details:

It was discovered that Jinja2 incorrectly handled certain HTML attributes
that were accepted by the xmlattr filter. An attacker could use this issue
to inject arbitrary HTML attribute keys and values to potentially execute a
cross-site scripting (XSS) attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-jinja2                  3.1.2-1ubuntu1.1

Ubuntu 23.10
  python3-jinja2                  3.1.2-1ubuntu0.23.10.2

Ubuntu 22.04 LTS
  python3-jinja2                  3.0.3-1ubuntu0.2

Ubuntu 20.04 LTS
  python-jinja2                   2.10.1-2ubuntu0.3
  python3-jinja2                  2.10.1-2ubuntu0.3

Ubuntu 18.04 LTS
  python-jinja2                   2.10-1ubuntu0.18.04.1+esm2
                                  Available with Ubuntu Pro
  python3-jinja2                  2.10-1ubuntu0.18.04.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-jinja2                   2.8-1ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  python3-jinja2                  2.8-1ubuntu0.1+esm3
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  python-jinja2                   2.7.2-2ubuntu0.1~esm3
                                  Available with Ubuntu Pro
  python3-jinja2                  2.7.2-2ubuntu0.1~esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6787-1
  CVE-2024-34064

Package Information:
  https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu0.23.10.2
  https://launchpad.net/ubuntu/+source/jinja2/3.0.3-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/jinja2/2.10.1-2ubuntu0.3

The Jinja2 security flaw exposes cross-site scripting risks; Ubuntu has released updates that mitigate this vulnerability.

Severity: Important.
LinuxSecurity.com Team
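The Details paragraph above describes attribute-key injection: a filter that escapes attribute values but writes attribute keys out verbatim lets a key containing whitespace, "/", ">" or "=" terminate the attribute name early, so a second attribute (typically an event handler) rides in on a key the application believed was harmless. The Python below is an added example written for this page. It is a stand-in for a filter of this kind, not Jinja2's own code, and the two attribute dictionaries are constructed inputs; the rejected character set is the set of characters that end an HTML attribute name, derived from the advisory's description rather than copied from any upstream patch.

```python
import html
import re

# An HTML/XML attribute name ends at whitespace, "/", ">" or "=". If one of
# these appears inside a KEY, the browser's tag tokenizer treats what follows
# as a new attribute (or the end of the tag). Values are quoted and escaped,
# so they never get that chance; keys in the unsafe variant below do.
_BAD_ATTR_KEY = re.compile(r"[\s/>=]")


def xmlattr_unsafe(attrs: dict) -> str:
    """Vulnerable pattern: values are escaped, keys are emitted verbatim."""
    return " ".join(
        f'{key}="{html.escape(str(value), quote=True)}"'
        for key, value in attrs.items()
        if value is not None
    )


def xmlattr_safe(attrs: dict) -> str:
    """Hardened pattern: refuse any key that could terminate the attribute name."""
    parts = []
    for key, value in attrs.items():
        if value is None:
            continue  # same convention as the unsafe variant: None means "omit"
        if not key or _BAD_ATTR_KEY.search(key):
            raise ValueError(f"invalid attribute name: {key!r}")
        parts.append(f'{key}="{html.escape(str(value), quote=True)}"')
    return " ".join(parts)


def rejects(attrs: dict) -> bool:
    """True if the hardened filter refuses this attribute set."""
    try:
        xmlattr_safe(attrs)
    except ValueError:
        return True
    return False


_EVENT_HANDLER = re.compile(r"(?<![\w-])on[a-z]+\s*=", re.IGNORECASE)


def has_event_handler(rendered_attrs: str) -> bool:
    """Check: does an on*= handler appear where a browser would read it as an
    attribute name? Quoted values are blanked first so that the literal text
    'onclick=' inside a properly escaped value does not count."""
    outside_quotes = re.sub(r'"[^"]*"', '""', rendered_attrs)
    return _EVENT_HANDLER.search(outside_quotes) is not None


# Constructed inputs. In the malicious case the payload sits in the KEY and
# the value is harmless, which is exactly why value-only escaping misses it.
MALICIOUS_ATTRS = {"data-tag/onmouseover=alert(1) x": "ok"}
BENIGN_ATTRS = {"href": "/profile?id=1", "data-tag": 'a"b<c', "title": "hello world"}

if __name__ == "__main__":
    print("unsafe:", xmlattr_unsafe(MALICIOUS_ATTRS))
    print("handler injected:", has_event_handler(xmlattr_unsafe(MALICIOUS_ATTRS)))
    print("safe rejects malicious keys:", rejects(MALICIOUS_ATTRS))
    print("safe output:", xmlattr_safe(BENIGN_ATTRS))
```

Rendered unsafely, the malicious dictionary yields `data-tag/onmouseover=alert(1) x="ok"`, which a browser tokenizes as three attributes including an `onmouseover` handler, even though every value was escaped. The hardened variant raises instead of rendering; independently of any filter-side check, attribute keys should not be taken from user input in the first place.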
https://www.mediawiki.org/wiki/Release_notes/1.41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2c564b942d
2024-05-11 01:29:32.567764
--------------------------------------------------------------------------------

Name        : php-wikimedia-utfnormal
Product     : Fedora 40
Version     : 4.0.0
Release     : 1.fc40
URL         : http://www.mediawiki.org/wiki/Utfnormal
Summary     : Unicode normalization functions
Description :
utfnormal is a library that contains unicode normalization functions. It was
split out of MediaWiki core during the 1.25 development cycle.
--------------------------------------------------------------------------------
Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.41
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  3 2024 Michael Cronenworth - 4.0.0-1
- version update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2240808
  [ 2 ] Bug #2241397 - mediawiki-1.41.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2241397
  [ 3 ] Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247804
  [ 4 ] Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247806
  [ 5 ] Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2255583
  [ 6 ] Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40
        https://bugzilla.redhat.com/show_bug.cgi?id=2261492
  [ 7 ] Bug #2278773 - mediawiki: XSS in edit summary parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2278773
  [ 8 ] Bug #2278774 - mediawiki: denial of service via GET request to Special:MovePage [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2278774
  [ 9 ] Bug #2279230 - CVE-2024-34507 mediawiki: cross-site scripting [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279230
  [ 10 ] Bug #2279232 - CVE-2024-34506 mediawiki: denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279232
  [ 11 ] Bug #2279234 - CVE-2024-34500 mediawiki: XSS through interface message in UnlinkedWikibase [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279234
  [ 12 ] Bug #2279239 - CVE-2024-34502 mediawiki: MergeLexemes makes edits on GET requests without edit tokens [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279239
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2c564b942d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Security fix for CVE-2022-46391.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-fda5480804
2023-01-18 01:38:39.308169
--------------------------------------------------------------------------------

Name        : awstats
Product     : Fedora 36
Version     : 7.8
Release     : 9.fc36
URL         :
Summary     : Advanced Web Statistics
Description :
Advanced Web Statistics is a powerful and full-featured tool that generates
advanced web server graphical statistics. This server log analyzer works from
the command line or as a CGI and shows all information your log contains, in
graphical web pages. It can analyze a lot of web/wap/proxy servers such as
Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or FTP servers.

This program can measure visits, unique visitors, authenticated users, pages,
domains/countries, OS busiest times, robot visits, type of files, search
engines/keywords used, visit duration, HTTP errors and more... Statistics can
be updated from a browser or your scheduler. The program also supports
virtual servers, plugins and a lot of features.

With the default configuration, the statistics are available at:
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-46391
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan  9 2023 Tim Jackson - 7.8-9
- Fix CVE-2022-46391 (rhbz #2150632)
- Clean up spec file, removing conditionals for now-obsolete releases
* Wed Jul 20 2022 Fedora Release Engineering - 7.8-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 30 2022 Jitka Plesnikova - 7.8-7
- Perl 5.36 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2150632 - CVE-2022-46391 awstats: XSS due to improper input checks
        https://bugzilla.redhat.com/show_bug.cgi?id=2150632
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-fda5480804' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
A potential cross-site scripting (XSS) vulnerability was discovered in ruby-rails-html-sanitizer, a library to clean (or "sanitize") HTML for rendering within Ruby on Rails web applications.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3227-1

It was discovered that there was a potential XSS vulnerability in php-horde-mime-viewer, a MIME viewer library for the Horde groupware platform.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3089-1
**Horde_Form 2.0.18**
* [jan] SECURITY: Fix XSS vulnerability with form sections.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-ca6f3b5770
2017-08-10 15:18:13.065572
--------------------------------------------------------------------------------

Name        : php-horde-Horde-Form
Product     : Fedora 26
Version     : 2.0.18
Release     : 1.fc26
URL         : http://pear.horde.org
Summary     : Horde Form API
Description :
The Horde_Form package provides form rendering, validation, and other
functionality for the Horde Application Framework.
--------------------------------------------------------------------------------
Update Information:

**Horde_Form 2.0.18**
* [jan] SECURITY: Fix XSS vulnerability with form sections.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-horde-Horde-Form' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list