Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 0 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebiancritical threat

Debian LTS DLA-4054-1 critical: Tryton Client zip bomb threat

Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks (see DLA 4022-1). . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4054-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Daniel Leidert February 16, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tryton-client Version : 5.0.33-1+deb11u1 CVE ID : not yet available Debian Bug : none Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks (see DLA 4022-1). This update fixes a potential regression in tryton-client. It allows users only to send gzip content within a session. For Debian 11 bullseye, this problem has been fixed in version 5.0.33-1+deb11u1. We recommend that you upgrade your tryton-client packages. For the detailed security status of tryton-client please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/tryton-client Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-4060-1 warns of potential vulnerabilities in the zip tool and recommends upgrading the zip package.. Debian Security, Tryton Client, Zip Bomb Fix, Client Update, LTS Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 16, 2025 Critical Debian LTS
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisoryupdateDebian

Debian 11: DLA-4022-1 critical: tryton-server zip bomb risk

Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4022-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Daniel Leidert January 19, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tryton-server Version : 5.0.33-2+deb11u3 CVE ID : not yet available Debian Bug : none Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. The fix requires a small update to tryton-client as well to prevent a regression. For Debian 11 bullseye, this problem has been fixed in version 5.0.33-2+deb11u3 in tryton-server and in version 5.0.33-1+deb11u1 for tryton-client. We recommend that you upgrade your tryton-server and tryton-client packages. For the detailed security status of tryton-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/tryton-server Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-4022-2 tackles vulnerabilities in the tryton-server related to zip bombs; users should update for necessary security enhancements.. tryton-server security fix, Debian LTS update, unathorized access issue, zip bomb vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 19, 2025 Critical Debian LTS
Banner 1 1028x280 1708121660 1771599717
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisoryDebianmoderate severity

Debian 10 Buster DLA-3854-1 Moderate: Tryton-Client Zip Bomb Threat

Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3854-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany June 30, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tryton-client Version : 5.0.5-1+deb10u1 CVE ID : not yet available Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. This update fixes a potential regression in tryton-client. It allows users only to send gzip content within a session. For Debian 10 buster, this problem has been fixed in version 5.0.5-1+deb10u1. We recommend that you upgrade your tryton-client packages. For the detailed security status of tryton-client please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/tryton-client Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3855-1 releases updates for tryton-server, fixing denial of service vulnerability and enhancing authentication measures.. Tryton Client, Debian Security, Zip Bomb Vulnerability, Authentication Issues, Application Server. . LinuxSecurity.com Team

Calendar 2 Jun 30, 2024 Debian LTS
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorycriticaldebian

Debian 10 Buster DLA-3853-1: Critical Zip Bomb Risk in Tryton Server

Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3853-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany June 30, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tryton-server Version : 5.0.4-2+deb10u3 CVE ID : not yet available Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. For Debian 10 buster, this problem has been fixed in version 5.0.4-2+deb10u3. We recommend that you upgrade your tryton-server packages. For the detailed security status of tryton-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/tryton-server Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Cédric Krier discovered a zip bomb exploit in the Tryton server, urging Debian 10 buster users to apply the latest upgrades.. Tryton Server Update, Debian Security Fix, Zip Bomb Attack, Securing Trytond, Debian LTS Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 30, 2024 Critical Debian LTS
Banner 1 1028x280 1708121660 1771599717
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderatecontainer update

SUSE 2022:2423-1 Moderate: BCI/Rust Symlink Hijack and Zip Bomb

The container bci/rust was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2423-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-2.39 , bci/rust:latest Container Release : 2.39 Severity : moderate Type : security References : 1201942 1203431 1203433 CVE-2022-36113 CVE-2022-36114 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3451-1 Released: Wed Sep 28 09:44:15 2022 Summary: Security update for rust1.62 Type: security Severity: moderate References: 1203431,1203433,CVE-2022-36113,CVE-2022-36114 This update for rust1.62 fixes the following issues: - CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433). - CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) The following package changes have been done: - glibc-2.31-150300.41.1 updated - glibc-devel-2.31-150300.41.1 updated - rust1.62-1.62.1-150300.7.7.1 updated - cargo1.62-1.62.1-150300.7.7.1 updated - container:sles15-image-15.0.0-27.11.28 updated . Recent security patches for bci/rust have been issued, focusing on mitigating symlink vulnerability risks and preventing zip bomb exploits.. bci/rust security, container updates, SUSE advisory. . LinuxSecurity.com Team

Calendar 2 Sep 30, 2022 SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderatesuse linux

SUSE: 2022:3451-1 Moderate: Symlink Hijack And Zip Bomb Fix

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for rust1.62 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3451-1 Rating: moderate References: #1203431 #1203433 Cross-References: CVE-2022-36113 CVE-2022-36114 CVSS scores: CVE-2022-36113 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-36113 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L CVE-2022-36114 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-36114 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update forrust1.62 fixes the following issues: - CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433). - CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3451=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3451=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3451=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3451=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo1.62-1.62.1-150300.7.7.1 cargo1.62-debuginfo-1.62.1-150300.7.7.1 rust1.62-1.62.1-150300.7.7.1 rust1.62-debuginfo-1.62.1-150300.7.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cargo1.62-1.62.1-150300.7.7.1 cargo1.62-debuginfo-1.62.1-150300.7.7.1 rust1.62-1.62.1-150300.7.7.1 rust1.62-debuginfo-1.62.1-150300.7.7.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo1.62-1.62.1-150300.7.7.1 cargo1.62-debuginfo-1.62.1-150300.7.7.1 rust1.62-1.62.1-150300.7.7.1 rust1.62-debuginfo-1.62.1-150300.7.7.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo1.62-1.62.1-150300.7.7.1 cargo1.62-debuginfo-1.62.1-150300.7.7.1 rust1.62-1.62.1-150300.7.7.1 rust1.62-debuginfo-1.62.1-150300.7.7.1 References: https://www.suse.com/security/cve/CVE-2022-36113.html https://www.suse.com/security/cve/CVE-2022-36114.html https://bugzilla.suse.com/1203431 https://bugzilla.suse.com/1203433 . SUSE SecurityUpdate for rust1.63 addresses symlink vulnerabilities and zip archive threats. Apply the recommended updates to reduce exposure.. SUSE Linux Enterprise,Rust 1.62,Security Update,Patch Management,Vulnerability Fix. . LinuxSecurity.com Team

Calendar 2 Sep 28, 2022 SuSE
Banner 1 1028x280 1708121660 1771599717
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderateclamav

openSUSE Leap 15.0 Security Update: clamav Moderate Threat

An update that solves two vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2597-1 Rating: moderate References: #1144504 #1149458 #1151839 Cross-References: CVE-2019-12625 CVE-2019-12900 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2597=1 Package List: - openSUSE Leap 15.0 (x86_64): clamav-0.100.3-lp150.2.13.1 clamav-debuginfo-0.100.3-lp150.2.13.1 clamav-debugsource-0.100.3-lp150.2.13.1 clamav-devel-0.100.3-lp150.2.13.1 libclamav7-0.100.3-lp150.2.13.1 libclamav7-debuginfo-0.100.3-lp150.2.13.1 libclammspack0-0.100.3-lp150.2.13.1 libclammspack0-debuginfo-0.100.3-lp150.2.13.1 References: https://www.suse.com/security/cve/CVE-2019-12625.html https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1144504 https://bugzilla.suse.com/1149458 https://bugzilla.suse.com/1151839 -- . OpenSUSE addresses moderate threats in clamav with fixes for ZIP bomb and out-of-bounds write issues.. clamav Security Update, openSUSE Fix, Cumulative Patch, ZIP Bomb Issues. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Dec 01, 2019 Important OpenSUSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderatesecurity fix

SUSE: 2019:14231-1 Moderate: clamav Zip Bomb & Out-Of-Bounds Issues

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14231-1 Rating: moderate References: #1144504 #1149458 Cross-References: CVE-2019-12625 CVE-2019-12900 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for clamav fixes the following issues: Security issues fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issue fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-clamav-14231=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-14231=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-14231=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-14231=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): clamav-0.100.3-0.20.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.100.3-0.20.26.1 - SUSELinux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): clamav-debuginfo-0.100.3-0.20.26.1 clamav-debugsource-0.100.3-0.20.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.100.3-0.20.26.1 clamav-debugsource-0.100.3-0.20.26.1 References: https://www.suse.com/security/cve/CVE-2019-12625.html https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1144504 https://bugzilla.suse.com/1149458 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . Addresses several security flaws in clamav, improving SUSE's protective measures. Detailed installation guidelines are included.. SUSE Security Update, clamav vulnerabilities, systems patch, zip bomb fix. . LinuxSecurity.com Team

Calendar 2 Nov 26, 2019 SuSE
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here