
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 23 articles for you...

Fedora 44 flatpak-builder Critical Fix CVE-2026-39977 Path Traversal

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e62b78a0c
2026-04-25 01:21:36.173141+00:00
--------------------------------------------------------------------------------

Name        : flatpak-builder
Product     : Fedora 44
Version     : 1.4.8
Release     : 1.fc44
URL         : https://flatpak.org/
Summary     : Tool to build flatpaks from source
Description :
Flatpak-builder is a tool for building flatpaks from sources.

See https://flatpak.org/ for more information.

--------------------------------------------------------------------------------
Update Information:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 15 2026 Adrian Vovk - 1.4.8-1
- Update to 1.4.8 (#2457166)
* Wed Mar 25 2026 Jan Grulich - 1.4.7-5
- Add configuration for release-monitoring

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2457166 - flatpak-builder-1.4.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2457166
  [ 2 ] Bug #2457894 - CVE-2026-39977 flatpak-builder: path traversal leading to arbitrary file read on host when installing licence files [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2457894

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e62b78a0c' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Update addresses CVE-2026-39977 in flatpak-builder for Fedora 44 resolving a critical file read attack.
flatpak-builder, Fedora 44, security fix, CVE-2026-39977, file read.
Severity: Critical.
LinuxSecurity.com Team

Apr 25, 2026 | Critical | Fedora

Ubuntu 23 Flatpak-Develop Critical Directory Access Patch 2025-72c8e4f34b

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-631b9d535c
2026-04-24 01:06:05.765099+00:00
--------------------------------------------------------------------------------

Name        : flatpak-builder
Product     : Fedora 42
Version     : 1.4.8
Release     : 1.fc42
URL         : https://flatpak.org/
Summary     : Tool to build flatpaks from source
Description :
Flatpak-builder is a tool for building flatpaks from sources.

See https://flatpak.org/ for more information.

--------------------------------------------------------------------------------
Update Information:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Adrian Vovk - 1.4.8-1
- Update to 1.4.8 (#2457166)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2457166 - flatpak-builder-1.4.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2457166
  [ 2 ] Bug #2457894 - CVE-2026-39977 flatpak-builder: path traversal leading to arbitrary file read on host when installing licence files [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2457894

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-631b9d535c' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Fix released for flatpak-builder addressing arbitrary file read issue, rated important. Update now to safeguard your system.
flatpak-builder security advisory important path traversal Fedora 42.
Severity: Important.
LinuxSecurity.com Team

Apr 24, 2026 | Important | Fedora

SUSE Issues Advisory for Yelp Critical Code Execution Threat CVE-2025-3155

# Security update for yelp

Announcement ID: SUSE-SU-2025:2169-1
Release Date: 2025-11-26T14:47:36Z
Rating: important

References:

  * bsc#1240688

Cross-References:

  * CVE-2025-3155

CVSS scores:

  * CVE-2025-3155 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
  * CVE-2025-3155 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  * CVE-2025-3155 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for yelp fixes the following issues:

  * CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-2169=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libyelp0-debuginfo-3.20.1-7.3.1
    * libyelp0-3.20.1-7.3.1
    * yelp-debugsource-3.20.1-7.3.1
    * yelp-devel-3.20.1-7.3.1
    * yelp-debuginfo-3.20.1-7.3.1
    * yelp-3.20.1-7.3.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * yelp-lang-3.20.1-7.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-3155.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1240688

Critical update for yelp addresses JavaScript code execution risk and arbitrary file reads. Stay secure with timely patching!
SUSE Linux, Yelp Security, JavaScript Vulnerability, Code Execution Risk.
Severity: Important.
LinuxSecurity.com Team

Nov 26, 2025 | Important | SuSE

Fedora 41: Security Update for OpenTofu 1.10.7 Addresses Vulnerabilities

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c555ce4089
2025-11-15 01:40:44.715722+00:00
--------------------------------------------------------------------------------

Name        : opentofu
Product     : Fedora 41
Version     : 1.10.7
Release     : 1.fc41
URL         : https://github.com/opentofu/opentofu
Summary     : OpenTofu lets you declaratively manage your cloud infrastructure
Description :
OpenTofu lets you declaratively manage your cloud infrastructure.

--------------------------------------------------------------------------------
Update Information:

Update to 1.10.7

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 6 2025 Mikel Olasagasti Uranga - 1.10.7-1
- Update to 1.10.7
- Closes rhbz#2413156
* Fri Oct 10 2025 Alejandro Sez - 1.10.6-2
- rebuild
* Thu Sep 4 2025 Mikel Olasagasti Uranga - 1.10.6-1
- Update to 1.10.6
- Closes rhbz#2385775
* Fri Aug 15 2025 Maxwell G - 1.10.3-2
- Rebuild for golang-1.25.0
* Sat Jul 26 2025 Mikel Olasagasti Uranga - 1.10.3-1
- Update to 1.10.3
- Closes rhbz#2380221
* Thu Jul 24 2025 Fedora Release Engineering - 1.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 26 2025 Mikel Olasagasti Uranga - 1.10.1-1
- Update to 1.10.1
- Closes rhbz#2374763
* Tue Jun 24 2025 Mikel Olasagasti Uranga - 1.10.0-1
- Update to 1.10.0
- Closes rhbz#2374600

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2375615 - opentofu: mapstructure May Leak Sensitive Information [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2375615
  [ 2 ] Bug #2384150 - opentofu: go-viper information leak [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2384150
  [ 3 ] Bug #2386297 - CVE-2025-8556 opentofu: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386297
  [ 4 ] Bug #2388884 - CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2388884
  [ 5 ] Bug #2390857 - opentofu: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2390857
  [ 6 ] Bug #2391634 - CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391634
  [ 7 ] Bug #2398604 - CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398604
  [ 8 ] Bug #2399268 - CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399268

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c555ce4089' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Fedora 41 update for OpenTofu version 1.10.7 addresses information leaks and validation issues.
OpenTofu 1.10.7, Fedora 41, information leak, arbitrary file read, software update.
Severity: Important.
LinuxSecurity.com Team

Nov 15, 2025 | Important | Fedora

Fedora 42: opentofu Advisory 2025-6ab111452f CVE Issues Severity

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ab111452f
2025-11-15 01:30:31.747758+00:00
--------------------------------------------------------------------------------

Name        : opentofu
Product     : Fedora 42
Version     : 1.10.7
Release     : 1.fc42
URL         : https://github.com/opentofu/opentofu
Summary     : OpenTofu lets you declaratively manage your cloud infrastructure
Description :
OpenTofu lets you declaratively manage your cloud infrastructure.

--------------------------------------------------------------------------------
Update Information:

Update to 1.10.7

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 6 2025 Mikel Olasagasti Uranga - 1.10.7-1
- Update to 1.10.7
- Closes rhbz#2413156
* Fri Oct 10 2025 Alejandro Sez - 1.10.6-2
- rebuild
* Thu Sep 4 2025 Mikel Olasagasti Uranga - 1.10.6-1
- Update to 1.10.6
- Closes rhbz#2385775
* Fri Aug 15 2025 Maxwell G - 1.10.3-2
- Rebuild for golang-1.25.0

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2375630 - opentofu: mapstructure May Leak Sensitive Information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2375630
  [ 2 ] Bug #2386309 - CVE-2025-8556 opentofu: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386309
  [ 3 ] Bug #2388887 - CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2388887
  [ 4 ] Bug #2390878 - opentofu: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2390878
  [ 5 ] Bug #2391666 - CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391666
  [ 6 ] Bug #2398870 - CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398870

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ab111452f' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

The opentofu 1.10.7 update resolves several critical issues identified in Fedora 42, enhancing stability and security for users.
opentofu update, Fedora security advisory, cloud management, opentofu vulnerabilities.
Severity: Important.
LinuxSecurity.com Team

Nov 15, 2025 | Important | Fedora

SUSE Linux 12 SP5 moderate: yelp CVE-2025-3155 JavaScript issue

# Security update for yelp

Announcement ID: SUSE-SU-2025:02169-1
Release Date: 2025-06-30T07:15:20Z
Rating: moderate

References:

  * bsc#1240688

Cross-References:

  * CVE-2025-3155

CVSS scores:

  * CVE-2025-3155 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-3155 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2025-3155 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:

  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for yelp fixes the following issues:

  * CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2169=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libyelp0-3.20.1-7.3.1
    * libyelp0-debuginfo-3.20.1-7.3.1
    * yelp-debugsource-3.20.1-7.3.1
    * yelp-devel-3.20.1-7.3.1
    * yelp-debuginfo-3.20.1-7.3.1
    * yelp-3.20.1-7.3.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * yelp-lang-3.20.1-7.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-3155.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1240688

An update for Yelp on SUSE has been released to address CVE-2025-3155, which is a vulnerability categorized as moderate risk, potentially allowing for remote code execution.
SUSE yelp security update JavaScript execution threat.
LinuxSecurity.com Team

Jun 30, 2025 | SuSE

Red Hat Enterprise Linux 9 RHSA-2023-4809: Librsvg2 File Read Vulnerability

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: librsvg2 security update
Advisory ID:       RHSA-2023:4809-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4809
Issue date:        2023-08-29
CVE Names:         CVE-2023-38633
=====================================================================

1. Summary:

An update for librsvg2 is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The librsvg2 packages provide a Scalable Vector Graphics (SVG) library
based on the libart library.

Security Fix(es):

* librsvg: Arbitrary file read when xinclude href has special characters
(CVE-2023-38633)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2224945 - CVE-2023-38633 librsvg: Arbitrary file read when xinclude href has special characters

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:
librsvg2-2.50.7-1.el9_0.1.src.rpm

aarch64:
librsvg2-2.50.7-1.el9_0.1.aarch64.rpm
librsvg2-debuginfo-2.50.7-1.el9_0.1.aarch64.rpm
librsvg2-debugsource-2.50.7-1.el9_0.1.aarch64.rpm
librsvg2-devel-2.50.7-1.el9_0.1.aarch64.rpm
librsvg2-tools-2.50.7-1.el9_0.1.aarch64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_0.1.aarch64.rpm

ppc64le:
librsvg2-2.50.7-1.el9_0.1.ppc64le.rpm
librsvg2-debuginfo-2.50.7-1.el9_0.1.ppc64le.rpm
librsvg2-debugsource-2.50.7-1.el9_0.1.ppc64le.rpm
librsvg2-devel-2.50.7-1.el9_0.1.ppc64le.rpm
librsvg2-tools-2.50.7-1.el9_0.1.ppc64le.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_0.1.ppc64le.rpm

s390x:
librsvg2-2.50.7-1.el9_0.1.s390x.rpm
librsvg2-debuginfo-2.50.7-1.el9_0.1.s390x.rpm
librsvg2-debugsource-2.50.7-1.el9_0.1.s390x.rpm
librsvg2-devel-2.50.7-1.el9_0.1.s390x.rpm
librsvg2-tools-2.50.7-1.el9_0.1.s390x.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_0.1.s390x.rpm

x86_64:
librsvg2-2.50.7-1.el9_0.1.i686.rpm
librsvg2-2.50.7-1.el9_0.1.x86_64.rpm
librsvg2-debuginfo-2.50.7-1.el9_0.1.i686.rpm
librsvg2-debuginfo-2.50.7-1.el9_0.1.x86_64.rpm
librsvg2-debugsource-2.50.7-1.el9_0.1.i686.rpm
librsvg2-debugsource-2.50.7-1.el9_0.1.x86_64.rpm
librsvg2-devel-2.50.7-1.el9_0.1.i686.rpm
librsvg2-devel-2.50.7-1.el9_0.1.x86_64.rpm
librsvg2-tools-2.50.7-1.el9_0.1.x86_64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_0.1.i686.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38633
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

A significant update for librsvg2 has been released, categorized as moderate risk, which mitigates an issue related to arbitrary file reading.
librsvg2 Update, Red Hat Enterprise, Security Advisory.
LinuxSecurity.com Team

Aug 29, 2023 | Red Hat

Debian: DSA-5484-1 Critical: librsvg Directory Traversal Threat

-------------------------------------------------------------------------
Debian Security Advisory DSA-5484-1
https://www.debian.org/security/                     Salvatore Bonaccorso
August 27, 2023                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : librsvg
CVE ID         : CVE-2023-38633
Debian Bug     : 1041810

Zac Sims discovered a directory traversal in the URL decoder of librsvg,
a SAX-based renderer library for SVG files, which could result in read
of arbitrary files when processing a specially crafted SVG file with an
include element.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.50.3+dfsg-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 2.54.7+dfsg-1~deb12u1.

We recommend that you upgrade your librsvg packages.

For the detailed security status of librsvg please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/librsvg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Debian Security Advisory DSA-5485-1 responds to a high-severity buffer overflow vulnerability in ImageMagick, affecting image conversions and manipulations.
librsvg Security Update, Debian DSA-5484-1, Directory Traversal Fix.
Severity: Critical.
LinuxSecurity.com Team

Aug 27, 2023 | Critical | Debian