# Security update for cups

Announcement ID: SUSE-SU-2025:03178-1
Release Date: 2025-09-11T16:06:06Z
Rating: important

References:

* bsc#1249049
* bsc#1249128

Cross-References:

* CVE-2025-58060
* CVE-2025-58364

CVSS scores:

* CVE-2025-58060 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58060 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-58060 ( NVD ): 8.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-58364 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58364 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cups fixes the following issues:

* CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049).
* CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3178=1`
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3178=1`

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * cups-client-1.7.5-20.54.1
  * cups-devel-1.7.5-20.54.1
  * cups-1.7.5-20.54.1
  * cups-debugsource-1.7.5-20.54.1
  * cups-debuginfo-1.7.5-20.54.1
  * cups-libs-1.7.5-20.54.1
  * cups-client-debuginfo-1.7.5-20.54.1
  * cups-libs-debuginfo-1.7.5-20.54.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * cups-libs-32bit-1.7.5-20.54.1
  * cups-libs-debuginfo-32bit-1.7.5-20.54.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * cups-libs-32bit-1.7.5-20.54.1
  * cups-client-1.7.5-20.54.1
  * cups-devel-1.7.5-20.54.1
  * cups-1.7.5-20.54.1
  * cups-debugsource-1.7.5-20.54.1
  * cups-debuginfo-1.7.5-20.54.1
  * cups-libs-1.7.5-20.54.1
  * cups-client-debuginfo-1.7.5-20.54.1
  * cups-libs-debuginfo-32bit-1.7.5-20.54.1
  * cups-libs-debuginfo-1.7.5-20.54.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58060.html
* https://www.suse.com/security/cve/CVE-2025-58364.html
* https://bugzilla.suse.com/show_bug.cgi?id=1249049
* https://bugzilla.suse.com/show_bug.cgi?id=1249128

Important SUSE CUPS patch resolves login vulnerabilities and security threats for users. Prompt installation is recommended for safety.

SUSE CUPS update, authentication issues, application security, system vulnerabilities.

Severity: Important.

LinuxSecurity.com Team

MGASA-2024-0312 - Updated gtk+2.0 and gtk+3.0 packages fix security vulnerability

Publication date: 25 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0312.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-6655

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. (CVE-2024-6655)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33409
- https://ubuntu.com/security/notices/USN-6899-1
- https://www.cve.org/CVERecord?id=CVE-2024-6655

SRPMS:
- 9/core/gtk+2.0-2.24.33-5.1.mga9
- 9/core/gtk+3.0-3.24.38-1.1.mga9

Mageia Announcement: Revised gtk+2.0 and gtk+3.0 packages resolve security vulnerability related to library injection problems.

gtk vulnerability, Mageia updates, library security, application injection, software patching.

Severity: Critical.

LinuxSecurity.com Team

MGASA-2021-0109 - Updated screen packages fix security vulnerability

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0109.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-26937

Felix Weinmann reported a flaw in the handling of combining characters in screen, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence (CVE-2021-26937).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28390
- https://lists.debian.org/debian-security-announce/2021/msg00042.html
- https://www.cve.org/CVERecord?id=CVE-2021-26937

SRPMS:
- 8/core/screen-4.8.0-2.1.mga8
- 7/core/screen-4.6.2-2.2.mga7

Patch release addresses CVE-2021-26937 to mitigate risks of service interruption and malicious code execution.

Mageia Security Update, Screen Issues, Denial of Service, Code Execution Fix.

LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201402-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Xpdf: User-assisted execution of arbitrary code
     Date: February 17, 2014
     Bugs: #386271
       ID: 201402-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Xpdf could result in execution of arbitrary code.

Background
==========

Xpdf is an X viewer for PDF files.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/xpdf