Fedora and RHEL Users Alerted to OpenSSH Vulnerability
A new vulnerability, CVE-2024-6409, in OpenSSH versions 8.7 and 8.8 risks remote code execution; Fedora 36/37 and RHEL 9 are affected.
vulnerability
Flatpak Patch Addresses Major Sandbox Escape Flaw
Critical CVE-2024-32462 exposed in Flatpak, allowing unauthorized code execution. Update urgently to fixed versions 1.14.6 and above.
High Priority PuTTY Vulnerability Threatens Server Access Security
PuTTY's security flaw (CVE2024-31497) in ECDSA P521 keys risks private data exposure. Urgent update is needed.
GitHub Restores Access to XZ Utils Repository
A week after finding a malicious backdoor, GitHub has safely restored access to the XZ Utils repo for developers worldwide.
Ubuntu 24.04 LTS Beta Release Postponed Due to Security Concerns
Canonical rebuilds Ubuntu 24.04 LTS packages for Noble Numbat Beta, ensuring safety from CVE-2024-3094 threat.
Tumbleweed Users Face Urgent 2000+ Package Updates
openSUSE rebuilds the entire codebase of Tumbleweed after a backdoor discovery in the xz library. Immediate update required!
Debian Decided to Postpone the 12.6 Release
After Linux XZ Tarball's backdoor discovery, Debian's devs decided to pause the 12.6 release for an in-depth analysis of CVE effects.
Linux Kernel Bug Called ‘Dirty Pipe’ Discovered, Emergency Patch Released
The Dirty Pipe vulnerability allows attackers to overwrite data in read-only files and to privilege themselves with code injection.
A Polkit Vulnerability Gives Root on All Major Linux Distros
Security vendor Qualys found the flaw and published details in a coordinated disclosure.
Vulnerability in cryptsetup Allows Decrypting Part of LUKS2-Encrypted Device
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device.