Fedora and RHEL Users Alerted to OpenSSH Vulnerability
On July 9, 2024
A new vulnerability, CVE-2024-6409, in OpenSSH versions 8.7 and 8.8 risks remote code execution; Fedora 36/37 and RHEL 9 are affected.

Flatpak Patch Addresses Major Sandbox Escape Flaw
On April 18, 2024
Critical CVE-2024-32462 exposed in Flatpak, allowing unauthorized code execution. Update urgently to fixed versions 1.14.6 and above.

High Priority PuTTY Vulnerability Threatens Server Access Security
On April 16, 2024
PuTTY's security flaw (CVE-2024-31497) in ECDSA P-521 keys risks private data exposure. Urgent update is needed.

GitHub Restores Access to XZ Utils Repository
On April 10, 2024
A week after finding a malicious backdoor, GitHub has safely restored access to the XZ Utils repo for developers worldwide.

Ubuntu 24.04 LTS Beta Release Postponed Due to Security Concerns
On April 3, 2024
Canonical rebuilds Ubuntu 24.04 LTS packages for Noble Numbat Beta, ensuring safety from the CVE-2024-3094 threat.

Tumbleweed Users Face Urgent 2000+ Package Updates
On March 31, 2024
openSUSE rebuilds the entire codebase of Tumbleweed after a backdoor discovery in the xz library. Immediate update required!

Debian Decided to Postpone the 12.6 Release
On March 31, 2024
After the discovery of the backdoor in the Linux XZ tarball, Debian's devs decided to pause the 12.6 release for an in-depth analysis of the CVE's effects.

Linux Kernel Bug Called ‘Dirty Pipe’ Discovered, Emergency Patch Released
On March 13, 2022
The Dirty Pipe vulnerability allows attackers to overwrite data in read-only files and to escalate their privileges through code injection.

A Polkit Vulnerability Gives Root on All Major Linux Distros
On January 26, 2022
Security vendor Qualys found the flaw and published details in a coordinated disclosure.

Vulnerability in cryptsetup Allows Decrypting Part of LUKS2-Encrypted Device
On January 16, 2022
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device.