Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Cubes OS, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
IPFire 2.29 - Core Update 196 is now available for testing, subsequent to the release of WireGuard. The update encompasses additional improvements to WireGuard, high-resolution consoles, and package updates, as well as bug and security fixes. The kernel has been updated to Linux 6.12.34, introducing enhanced hardware support, improved performance, and security upgrades. The main compiler suite of IPFire, GCC, has been upgraded to version 15. The dashboard of the web user interface now features WireGuard connections, enhancing the ability to monitor VPN connections effectively.
The kernel of IPFire has been enhanced with performance improvements from Linux 6.13, resulting in increased TCP throughput over WireGuard tunnels. Italian researchers have successfully addressed bottlenecks in the kernel that have constrained throughput across multiple WireGuard tunnels. The text console has undergone modernization through the implementation of the Linux Direct Rendering Manager (DRM), resulting in enhanced mode-setting speed, improved performance, and superior support for multi-GPU and embedded graphics environments. The update encompasses patches for firewall hosts, groups, and services, as well as IPsec, OpenVPN, and libloc. The safety barrier in the IP Blocklist feature has been eliminated, and a bug related to an edge case in libloc has been resolved. The Pakfire web UI page has been enhanced.
OWASP CRS v4.16.0, a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls, has been released, introducing new features and detections. The update encompasses remediation for Python SSTI, enhancements to rule sets, detection of generic configuration filenames, updates to java-errors.data, rule detection for Bash Brace Expansion, MongoDB operators, zmodload, and sudo-rs. Other changes include removing dot stars, moving printf to 933160 for better PHP syntax checking, creating a stricter sibling, and switching to regex assembly.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
IPFire 2.29 - Core Update 195 has been released and features the integration of native support for WireGuard, a contemporary VPN protocol crafted for efficiency and ease of use. The update features a comprehensive interface designed for the configuration and management of WireGuard tunnels via the web user interface. WireGuard serves as a versatile solution for both net-to-net and host-to-net VPN connections, offering a streamlined alternative to IPsec and OpenVPN. IPFire's implementation features comprehensive integration within the firewall GUI, support for multiple peers, a QR code display for mobile client configuration, a connection importer for interoperability with other vendors and VPN providers, and complete support for the Intrusion Prevention System and Connection Tracking. The system automatically updates its SMART database with information regarding hard drives.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
The PostgreSQL JDBC team has released version 42.7.7 to address CVE-2025-49146. This update prevents incorrect connection progress when using non-channel binding authentication methods, which could potentially allow a man-in-the-middle attacker to intercept connections.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
A new version of the OWASP CRS for ModSecurity or similar web application firewalls has come out with improvements and new ways to detect issues, including adding User-Agent and Referer to the targets, updating java-classes.data, and adding ways to block database YAML files. Other changes include fixing false positives with title_strip_tags, removing the self command, getting rid of the rc shell, eliminating unnecessary character classes, and adding word endings to the Unix command sendmail. You can find the full list of changes in the coreruleset/coreruleset release. Additional modifications involve addressing false positives with title_strip_tags, eliminating the self command, removing the rc shell, discarding unnecessary character classes, and incorporating word endings into the Unix command sendmail.
Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
IPFire 2.29 - Core Update 195 has been released for testing. The update features a comprehensive interface designed for the configuration and management of WireGuard tunnels via the web user interface. WireGuard serves as a versatile solution for both net-to-net and host-to-net VPN connections, offering a streamlined alternative to IPsec and OpenVPN. The configuration process is simple, and the IPFire implementation features complete integration within the firewall GUI. It supports multiple peers, includes a QR code display, offers a connection importer, and is compatible with the Intrusion Prevention System and Connection Tracking. The update incorporates enhancements to Pakfire, featuring the automatic updating of its SMART database with hard drive information.
IPFire 2.29 - Core Update 194 has been released and represents the most recent enhancement to the secure and high-performance open-source firewall. This update encompasses various enhancements and bug resolutions, prioritizing the improvement of security and usability while maintaining simplicity. The update reestablishes the IPFire kernel on Linux 6.12.23, incorporating enhancements for security and stability. Stephen Cuka made a significant update to the Pakfire page, enhancing controls and language translation. The firewall has been configured to permit outgoing connections utilizing an alias IP address, which will be NATed to the default IP address on RED. The process for renewing the IPsec host certificate now accurately updates internal files. The update encompasses enhancements to packages, add-ons, and Zabbix Server 6.x.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.
The release of OWASP CRS 4.14.0 brings new features and detections, such as the ability to detect ASP web shells, compressed database dumps, and JavaScript methods. Other changes include fixing FPs related to rule 951220, blocking TTF font files, detecting forward slashes in paths, and removing .application from restricted extensions.
