
LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 1 hour 53 min ago

Mageia 2021-0487: ansible security update

8 hours 45 min ago
Do not include params in exception when a call to set_options fails. Additionally, block the exception that is returned from being displayed to stdout. (CVE-2021-3620) References:

Mageia 2021-0486: flatpak security update

8 hours 45 min ago
Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp

Mageia 2021-0485: tomcat security update

8 hours 45 min ago
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. (CVE-2021-30640) Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66

Mageia 2021-0484: docker-containerd security update

8 hours 45 min ago
A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky.

Fedora 33: libzapojit 2021-7f5a82ef57

Friday 22nd of October 2021 11:25:57 PM
Security fix for CVE-2021-39360

Fedora 33: nodejs 2021-cbad295a90

Friday 22nd of October 2021 11:25:54 PM
2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams. This is a security release. Notable changes: CVE-2021-22959: HTTP Request Smuggling due to space in headers (Medium). The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 33: vim 2021-84f4cf3244

Friday 22nd of October 2021 11:25:44 PM
The newest upstream commit. Security fixes for CVE-2021-3778, CVE-2021-3796, CVE-2021-3875 and CVE-2021-3872.

Fedora 34: libzapojit 2021-c3395a5df6

Friday 22nd of October 2021 11:22:52 PM
Security fix for CVE-2021-39360

Fedora 34: nodejs 2021-9807b754d9

Friday 22nd of October 2021 11:22:47 PM
2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams. This is a security release. Notable changes: CVE-2021-22959: HTTP Request Smuggling due to space in headers (Medium). The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 34: watchdog 2021-31748c40a6

Friday 22nd of October 2021 11:22:20 PM
fix memory leak when verbose mode is on

Debian: DSA-4991-1: mailman security update

Friday 22nd of October 2021 02:24:25 PM
Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.

Ubuntu 5121-1: Mailman vulnerabilities

Friday 22nd of October 2021 01:57:20 AM
Several security issues were fixed in Mailman.

Ubuntu 5116-2: Linux kernel vulnerabilities

Thursday 21st of October 2021 09:06:25 PM
Several security issues were fixed in the Linux kernel.

Ubuntu 5120-1: Linux kernel (Azure) vulnerabilities

Thursday 21st of October 2021 08:31:46 PM
Several security issues were fixed in the Linux kernel.

ArchLinux: 202110-6: nodejs-lts-erbium: multiple issues

Thursday 21st of October 2021 04:57:51 PM
The package nodejs-lts-erbium before version 12.22.7-1 is vulnerable to multiple issues including arbitrary code execution, url request injection and certificate verification bypass.

ArchLinux: 202110-5: nodejs-lts-fermium: multiple issues

Thursday 21st of October 2021 04:57:40 PM
The package nodejs-lts-fermium before version 14.18.1-1 is vulnerable to multiple issues including arbitrary code execution, url request injection and certificate verification bypass.

ArchLinux: 202110-4: nodejs: url request injection

Thursday 21st of October 2021 04:57:29 PM
The package nodejs before version 16.11.1-1 is vulnerable to url request injection.

ArchLinux: 202110-3: virtualbox: multiple issues

Thursday 21st of October 2021 04:57:18 PM
The package virtualbox before version 6.1.28-1 is vulnerable to multiple issues including sandbox escape, denial of service and information disclosure.

ArchLinux: 202110-2: chromium: multiple issues

Thursday 21st of October 2021 04:57:07 PM
The package chromium before version 95.0.4638.54-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and insufficient validation.

ArchLinux: 202110-1: apache: directory traversal

Thursday 21st of October 2021 04:56:43 PM
The package apache before version 2.4.51-1 is vulnerable to directory traversal.
