Novell plans to release software on Tuesday that is designed to make it harder for new attacks to compromise existing Linux-based computers. The software, called AppArmor, is one of several products in the security realm based on the idea of mandatory access controls. The technology limits a running software program's privileges to only those absolutely necessary. Novell's chief rival, Red Hat, has been adding such features into its product through the use of SELinux, added to Red Hat Enterprise Linux in 2005. The AppArmor software is available for download and will be integrated into OpenSuse on Jan. 19, Novell said. It's based on software Novell obtained when it bought Immunix, a Linux security company, in 2005. AppArmor lets an administrator create a profile that describes which files a given application may use. The software then enforces that profile. Consequently, if a remote attacker takes over that application, it's more difficult for the attacker to use the application for malicious purposes, such as taking over the entire computer. LinuxSecurity.com Team
The Linux Intrusion Detection System (LIDS) is a kernel patch for both 2.4 and 2.6 kernels that adds Mandatory Access Control (MAC) and other security enhancements to the Linux kernel. The main feature of LIDS is its ability to limit the power of the root account. LIDS uses Access Control Lists (ACLs) to control access to files, processes, and network resources. Once these permissions are set, they cannot be overridden, even if a user or process has root privileges. You may be wondering why anyone would choose LIDS over its more popular counterpart, SELinux. Both have their advantages. Both add MAC and the ability to limit the damage that can be done by the root account. There are two reasons why you may want to consider LIDS instead of SELinux. First, LIDS is easier to implement on a wide range of Linux distributions. This is because LIDS ACLs are easier to configure than SELinux policies. SELinux policies are notoriously hard to implement correctly. For many distributions, using SELinux will not be a realistic choice unless they ship with pre-defined SELinux policies. The link for this article located at Linux.com is no longer available. LinuxSecurity.com Team
The National Security Agency built a version of Linux with more security tools that its technologists believe could help make the country's computing infrastructure less vulnerable. They won over the Linux developer community with the changes. But its success depends on the adoption by U.S. companies and government agencies, something that remains very much in doubt. For more than a decade, the National Security Agency has worked on a way to use a computer's operating system to control where software applications and their users can access data within IT environments. The agency succeeded years ago in creating such "mandatory access control" features for specialized operating systems, but very few users had the access or inclination to deploy them. Taking a gamble in 2000 on the emerging Linux operating system, NSA started applying its security approach to the open-source code. The result is its Security Enhanced Linux technology, which it hopes can raise the nation's overall level of cybersecurity. The link for this article located at Information Week is no longer available. LinuxSecurity.com Team
Some in the security industry say that Linux is inherently insecure, that the way Linux enforces security decisions is fundamentally flawed, and the only way to change this is to redesign the kernel. Fortunately, there are a few projects aiming to solve this problem by providing a more robust security model for Linux by adding Mandatory Access Control (MAC) to the kernel. The most well-known of these projects is Security Enhanced Linux (SELinux), which was developed by the U.S. National Security Agency (NSA). The Rule Set Based Access Control (RSBAC) project, the Linux Intrusion Detection System (LIDS), and grsecurity are other popular projects with the same goal. All of these projects are open-source and licensed under the GPL. The link for this article located at Linux.com is no longer available. LinuxSecurity.com Team
Multitudes of bug fixes and feedback on Red Hat Inc.'s inclusion of Security-Enhanced Linux in the Fedora Project have been submitted from the Linux community since the test2 beta was released in late March. Suffice it to say that the returns have been far more beneficial to Red Hat than any controlled beta release could hope for. Red Hat put SE Linux in Fedora, its openly developed and constantly changing version of Linux, in preparation for inclusion in the distributor's flagship server OS Red Hat Enterprise Linux 4.0 due in early 2005. SE Linux, developed by the National Security Agency, is an implementation of mandatory access control (MAC) in the Linux kernel that splits root functionality into roles. Red Hat said Friday it would incorporate the bug fixes and feedback into RHEL in order to correctly configure its policies. RHEL 4.0 will be the first Linux distribution to include SE Linux, and that along with several impending Common Criteria certifications should open many doors in the enterprise and government for Red Hat. "Achieving certification is important because it now enables Linux to penetrate markets where it was not able to penetrate before," said Paul Cormier, Red Hat executive vice president of engineering. "Linux has been used in the government for some time, but it can't get official contracts because it's not certified [Common Criteria]." Red Hat's inclusion of SE Linux as part and parcel of the operating system and not as an added feature is just part of the Raleigh, N.C. company's security road map for 2004. RHEL 3.0 is currently Common Criteria EAL 2 certified.
It is currently working on EAL 3 and expects EAL 4 by the time RHEL 4.0 is released next year. The link for this article located at techtarget.com is no longer available. LinuxSecurity.com Team
Most stories about government deployments of Linux involve a distributor helping various federal and municipal agencies install the open source operating system. But in this case, a federal agency is helping Linux. The U.S. National Security Agency (NSA), also known as the codemakers and codebreakers cryptologic division within the Department of Defense, has helped to harden Linux with newly-released Security Enhanced Linux (SELinux) kernel modifications. The latest release, which updates the base kernel to 2.6.3 and 2.4.24, contains numerous significant improvements to security in the open source operating system. The SELinux improvements mark a major breakthrough for Linux. Because of the NSA's contributions to the kernel, the new security features will now show up in mainstream distributions of Linux. "Conditional policies are significant and also networking hooks were added, which makes SELinux all that much more powerful," Joshua Brindle, hardened Gentoo Linux Project Leader and a listed contributor to NSA's SELinux, told internetnews.com. "They also exported AVC controls to userland to facilitate strong X-based access control and privilege separation," he added. SELinux was released by the NSA under the GNU GPL open source license. SELinux is essentially a Linux Kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls.
"SELinux is important because mandatory access controls are essential to limiting access to daemons and users to only what they need. It also solves the age-old almighty powerful superuser problem in Linux," Gentoo's Brindle told internetnews.com. "We stress however that it isn't an end-all solution, that it must be combined with additional layers of protection." The link for this article located at InternetNews.com is no longer available. LinuxSecurity.com Team
Date: Wed, 16 Oct 2002 18:37:13 +0200 (CEST)
From: Bosko Radivojevic
To: bugtraq@
Subject: Linux Security Protection System

LinSec team is proud to announce the first stable release of LinSec. LinSec, as the name says, is Linux Security Protection System. The main aim of LinSec is to introduce Mandatory Access Control (MAC) mechanism into Linux (as opposed to existing Discretionary Access Control mechanism).

LinSec model is based on: Capabilities, Filesystem Access Domains, IP Labeling Lists, Socket Access Control.

As for Capabilities, LinSec heavily extends the Linux native capability model to allow fine grained delegation of individual capabilities to both users and programs on the system. No more almighty root!

Filesystem Access Domain subsystem allows restriction of accessible filesystem parts for both individual users and programs. Now you can restrict user activities to only its home, mailbox etc. Filesystem Access Domains works on device, dir and individual file granularity.

IP Labeling lists enable restriction on allowed network connections on per program basis. From now on, you may configure your policy so that no one except your favorite MTA can connect to remote port 25.

Socket Access Control model enables fine grained socket access control by associating, with each socket, a set of capabilities required for a local process to connect to the socket.
LinSec consists of two parts: kernel patch (currently for 2.4.18) and userspace tools. Detailed documentation, download & mailing list information - . LinuxSecurity.com Team
This article discusses implementing Mandatory Access Control in the SE Linux system. "The protection mechanisms of current mainstream operating systems are inadequate to support confidentiality and integrity requirements for end systems. Mandatory access control (MAC) is needed to address such requirements, but the limitations of traditional MAC have inhibited its adoption into mainstream operating systems. The National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a flexible MAC architecture called Flask to overcome the limitations of traditional MAC. The NSA has implemented this architecture in the Linux operating system, producing a Security-Enhanced Linux (SELinux) prototype, to make the technology available to a wider community and to enable further research into secure operating systems. NAI Labs has developed an example security policy configuration to demonstrate the benefits of the architecture and to provide a foundation for others to use. This paper describes the security architecture, security mechanisms, application programming interface, security policy configuration, and performance of SELinux." The link for this article located at SELinux Project is no longer available. LinuxSecurity.com Team