An update that solves one vulnerability and has five fixes can now be installed.

# Security update for salt

Announcement ID: SUSE-SU-2026:21993-1
Release Date: 2026-06-03T12:58:39Z
Rating: important

References:

* bsc#1254629
* bsc#1254900
* bsc#1257583
* bsc#1257831
* bsc#1259554
* bsc#1259700

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

## Description:

This update for salt fixes the following issues:

* Security issues fixed:
  * CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc#1259554)
* Other updates and bugfixes:
  * Use non vendored Tornado with Python 3.11 (bsc#1257583, bsc#1259700)
  * Hardened Tornado from invalid HTTP reason phrases
  * Read full URI from ldap pillar config (bsc#1254900)
  * Fixed testsuite failures
  * Make users with backslash working for salt-ssh (bsc#1254629)
  * Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
  * Fixed virtualenv call in test helper to use proper python version

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-561=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * salt-transactional-update-3006.0-slfo.1.1_7.1
  * python311-salt-3006.0-slfo.1.1_7.1
  * salt-minion-3006.0-slfo.1.1_7.1
  * salt-3006.0-slfo.1.1_7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1254900
* https://bugzilla.suse.com/show_bug.cgi?id=1257583
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://bugzilla.suse.com/show_bug.cgi?id=1259700

SUSE issues an important security update for salt, addressing a denial of service vulnerability and five additional fixes.

SUSE Linux Micro 6.1, salt software update, denial of service CVE-2026-31958.

Severity: Important. LinuxSecurity.com Team

YARD could be made to expose sensitive information over the network.

==========================================================================
Ubuntu Security Notice USN-8394-1
June 05, 2026

yard vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

YARD could be made to expose sensitive information over the network.

Software Description:

- yard: A documentation generation tool for the Ruby programming language

Details:

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 26.04 LTS
  yard 0.9.38-1ubuntu0.1~esm1 Available with Ubuntu Pro
  yard-doc 0.9.38-1ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 24.04 LTS
  yard 0.9.36-1ubuntu0.1~esm1 Available with Ubuntu Pro
  yard-doc 0.9.36-1ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 22.04 LTS
  yard 0.9.26-1ubuntu0.1+esm1 Available with Ubuntu Pro
  yard-doc 0.9.26-1ubuntu0.1+esm1 Available with Ubuntu Pro

Ubuntu 20.04 LTS
  yard 0.9.24-1+deb11u1ubuntu0.1~esm1 Available with Ubuntu Pro
  yard-doc 0.9.24-1+deb11u1ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  yard 0.9.12-2ubuntu0.1~esm2 Available with Ubuntu Pro
  yard-doc 0.9.12-2ubuntu0.1~esm2 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  yard 0.8.7.6+git20160220-3ubuntu0.1~esm2 Available with Ubuntu Pro
  yard-doc 0.8.7.6+git20160220-3ubuntu0.1~esm2 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8394-1
  CVE-2026-41493

YARD on Ubuntu might expose sensitive data over the network, requiring updates to prevent information leaks and secure systems.

Ubuntu security, YARD vulnerability, network exposure, Linux updates, sensitive data.

Severity: Important. LinuxSecurity.com Team

Dirk Mueller discovered that a flaw in the function performing a credential check on the command socket of haveged, a userspace entropy daemon, may result in local privilege escalation. For Debian 11 bullseye, this problem has been fixed in version 1.9.14-1+deb11u1.

Debian LTS Advisory DLA-4616-1

Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version.

Debian LTS Advisory DLA-4615-1

Postfix could be made to crash if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-8253-2
June 03, 2026

postfix vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Postfix could be made to crash if it received specially crafted network traffic.

Software Description:

- postfix: High-performance mail transport agent

Details:

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  postfix 3.4.13-0ubuntu1.4+esm1 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  postfix 3.3.0-1ubuntu0.4+esm4 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  postfix 3.1.0-3ubuntu0.4+esm4 Available with Ubuntu Pro

Ubuntu 14.04 LTS
  postfix 2.11.0-1ubuntu1.2+esm4 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8253-2
  https://ubuntu.com/security/notices/USN-8253-1
  CVE-2026-43964

A critical update for Postfix helps mitigate denial of service on Ubuntu 14.04 to 20.04 LTS against crafted traffic.

Postfix Security Update, Ubuntu 20.04 Advisory, Denial of Service Threat.

Severity: Critical. LinuxSecurity.com Team

Several security issues were fixed in Robocode.

==========================================================================
Ubuntu Security Notice USN-8385-1
June 04, 2026

robocode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Robocode.

Software Description:

- robocode: An engaging and educational programming game

Details:

It was discovered that Robocode could be tricked into making network requests to attacker-controlled systems. An attacker could possibly use this issue to cause external service interaction, resulting in information disclosure. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10648)

Lim Sim Yee discovered that Robocode did not properly validate file paths in the CacheCleaner component. An attacker could possibly use this issue to delete arbitrary files. (CVE-2025-14306)

Lim Sim Yee discovered that Robocode did not securely create temporary files in the AutoExtract component. An attacker could possibly use this issue to manipulate temporary files, resulting in arbitrary code execution. (CVE-2025-14307)

Lim Sim Yee discovered that Robocode did not properly validate data lengths in the Buffer class. An attacker could possibly use this issue to trigger an integer overflow, resulting in arbitrary code execution. (CVE-2025-14308)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 26.04 LTS
  robocode 1.9.3.9-4ubuntu0.26.04.1~esm1 Available with Ubuntu Pro

Ubuntu 24.04 LTS
  robocode 1.9.3.9-3ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 22.04 LTS
  robocode 1.9.3.9-2ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 20.04 LTS
  robocode 1.9.3.7-1ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  robocode 1.9.3.1-1ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  robocode 1.9.2.5-2ubuntu0.1~esm1 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8385-1
  CVE-2019-10648, CVE-2025-14306, CVE-2025-14307, CVE-2025-14308

Multiple security weaknesses fixed in Robocode for Ubuntu 16.04 to 26.04 LTS, including critical code execution risks.

Robocode vulnerabilities, Ubuntu security issues, security update advisory.

Severity: Critical. LinuxSecurity.com Team

Several security issues were fixed in Exim.

==========================================================================
Ubuntu Security Notice USN-8382-1
June 03, 2026

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Exim.

Software Description:

- exim4: Exim is a mail transport agent

Details:

Timo Longin discovered that Exim incorrectly handled certain SMTP messages in PIPELINING/CHUNKING configurations. A remote attacker could possibly use this issue to perform SMTP smuggling. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-51766)

It was discovered that Exim incorrectly handled certain malformed JSON data in headers. A remote attacker could possibly use this issue to crash Exim, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-40685)

It was discovered that Exim incorrectly handled certain malformed UTF-8 headers. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-40686)

It was discovered that Exim incorrectly handled certain SPA resources. A remote attacker could possibly use this issue to crash Exim, resulting in a denial of service, or obtain sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-40687)

It was discovered that Exim incorrectly handled certain CHUNKING transfers in some GnuTLS configurations. A remote attacker could possibly use this issue to crash Exim, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-45185)

Warisjeet Singh discovered that Exim incorrectly handled certain proxy connections in builds with proxy support enabled. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2026-48840)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  exim4 4.93-13ubuntu1.12+esm1 Available with Ubuntu Pro
  exim4-base 4.93-13ubuntu1.12+esm1 Available with Ubuntu Pro
  exim4-daemon-heavy 4.93-13ubuntu1.12+esm1 Available with Ubuntu Pro
  exim4-daemon-light 4.93-13ubuntu1.12+esm1 Available with Ubuntu Pro
  exim4-dev 4.93-13ubuntu1.12+esm1 Available with Ubuntu Pro
  eximon4 4.93-13ubuntu1.12+esm1 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  exim4 4.90.1-1ubuntu1.10+esm6 Available with Ubuntu Pro
  exim4-base 4.90.1-1ubuntu1.10+esm6 Available with Ubuntu Pro
  exim4-daemon-heavy 4.90.1-1ubuntu1.10+esm6 Available with Ubuntu Pro
  exim4-daemon-light 4.90.1-1ubuntu1.10+esm6 Available with Ubuntu Pro
  exim4-dev 4.90.1-1ubuntu1.10+esm6 Available with Ubuntu Pro
  eximon4 4.90.1-1ubuntu1.10+esm6 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  exim4 4.86.2-2ubuntu2.6+esm9 Available with Ubuntu Pro
  exim4-base 4.86.2-2ubuntu2.6+esm9 Available with Ubuntu Pro
  exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm9 Available with Ubuntu Pro
  exim4-daemon-light 4.86.2-2ubuntu2.6+esm9 Available with Ubuntu Pro
  exim4-dev 4.86.2-2ubuntu2.6+esm9 Available with Ubuntu Pro
  eximon4 4.86.2-2ubuntu2.6+esm9 Available with Ubuntu Pro

Ubuntu 14.04 LTS
  exim4 4.82-3ubuntu2.4+esm9 Available with Ubuntu Pro
  exim4-base 4.82-3ubuntu2.4+esm9 Available with Ubuntu Pro
  exim4-daemon-heavy 4.82-3ubuntu2.4+esm9 Available with Ubuntu Pro
  exim4-daemon-light 4.82-3ubuntu2.4+esm9 Available with Ubuntu Pro
  exim4-dev 4.82-3ubuntu2.4+esm9 Available with Ubuntu Pro
  eximon4 4.82-3ubuntu2.4+esm9 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8382-1
  CVE-2023-51766, CVE-2026-40685, CVE-2026-40686, CVE-2026-40687, CVE-2026-45185, CVE-2026-48840

Multiple security issues in Exim on Ubuntu require attention to prevent remote attacks and potential service disruption.

Exim security, Ubuntu vulnerabilities, mail transport agent, remote access, denial of service.

Severity: Critical. LinuxSecurity.com Team

Several security issues were fixed in Tomcat.

==========================================================================
Ubuntu Security Notice USN-8383-1
June 04, 2026

tomcat6, tomcat7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:

- tomcat7: Servlet and JSP engine
- tomcat6: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. (CVE-2026-43512)

It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use this issue to bypass account lockout protections and obtain sensitive information. (CVE-2026-43513)

It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
  libtomcat7-java 7.0.68-1ubuntu0.4+esm4 Available with Ubuntu Pro
  tomcat7 7.0.68-1ubuntu0.4+esm4 Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libtomcat6-java 6.0.39-1ubuntu0.1+esm3 Available with Ubuntu Pro
  libtomcat7-java 7.0.52-1ubuntu0.16+esm2 Available with Ubuntu Pro
  tomcat6 6.0.39-1ubuntu0.1+esm3 Available with Ubuntu Pro
  tomcat7 7.0.52-1ubuntu0.16+esm2 Available with Ubuntu Pro

After a standard system update you need to restart Tomcat to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8383-1
  CVE-2026-43512, CVE-2026-43513, CVE-2026-43515

Several security issues in Tomcat found in Ubuntu 14.04 and 16.04 require immediate attention to maintain system integrity.

Ubuntu security, Tomcat updates, system vulnerabilities, authentication risks, Linux server management.

Severity: Critical. LinuxSecurity.com Team