Amazon Linux 2023 : docker (ALAS2023-2025-934)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-934 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable ...
[SECURITY] [DSA 5900-1] linux security update
Debian Security Advisory DSA-5900-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2025 https://www.debian.org/security/faq ...
DSA-5900-1 linux - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2024-38797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent...
Debian dla-4114 : libnvpair3linux - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4114 advisory. Debian LTS Advisory DLA-4114-1 [email protected]...
Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-892)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-892 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...
Amazon Linux 2023 : java-23-amazon-corretto, java-23-amazon-corretto-devel, java-23-amazon-corretto-headless (ALAS2023-2025-904)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-904 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle...
SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2025:1026-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1026-1 advisory. - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1217: Fixed header...
The vulnerabilities of SELinux and SMACK components in the Linux operating system allow attackers to cause service failures.
The vulnerability of SELinux components and SMACK in Linux operating systems is related to improper blocking. Exploiting this vulnerability can allow a perpetrator to cause service failures...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...
Vulnerabilities of the functions rxrpc_open_socket(), rxrpc_encap_rcv(), and rxrpc_io_thread() in the Linux operating system, allowing a hacker to cause a service failure
The vulnerabilities of the functions rxrpc_open_socket(), rxrpc_encap_rcv(), and rxrpc_io_thread() in the Linux operating system are related to synchronization errors when using shared resources. Exploiting these vulnerabilities can allow an attacker to cause service failures...
GHSA-28PG-93M7-9JMX vulnerabilities
Vulnerabilities for packages: linux...
GHSA-34X8-RWH3-J65F vulnerabilities
Vulnerabilities for packages: linux...
March Linux Patch Wednesday
March Linux Patch Wednesday. Total vulnerabilities: 1083. 879 in the Linux Kernel. Two vulnerabilities show signs of exploitation in the wild: Code Injection - GLPI CVE-2022-35914. An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux. Memory Corruption - Safari...
netavark bug fix and enhancement update
An update is available for netavark. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.5...
golang bug fix update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The golang packages provide the Go programming language compiler. Bug Fixes:...
ksh bug fix update
An update is available for ksh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is...
orc bug fix and enhancement update
An update is available for orc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.5...
RLSA-2024:9135 Moderate: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in...
redis:7 security update
An update is available for module.redis, redis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Redis is an advanced key-value store. It is often referred to as ...