Fix CVE-2025-3155 - arbitrary file-read.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-72469000ed
2025-05-23 03:55:25.326739+00:00
--------------------------------------------------------------------------------

Name        : yelp
Product     : Fedora 41
Version     : 42.2
Release     : 9.fc41
URL         : https://wiki.gnome.org/Apps/Yelp
Summary     : Help browser for the GNOME desktop
Description :
Yelp is the help browser for the GNOME desktop. It is designed to help you
browse all the documentation on your system in one central tool, including
traditional man pages, info pages and documentation written in DocBook.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-3155 - arbitrary file-read.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 9 2025 Jan Grulich - 2:42.2-9
- Fix CVE-2025-3155 - arbitrary file-read
* Sun Jan 19 2025 Fedora Release Engineering - 2:42.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý - 2:42.2-7
- convert license to SPDX
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2357092 - CVE-2025-3155 yelp: Arbitrary file read [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357092
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-72469000ed' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 41 has rolled out a fix for a vulnerability in yelp that could allow
unauthorized file access; install the update with dnf.
Severity: Critical. LinuxSecurity.com Team
Fix CVE-2025-3155 - arbitrary file-read.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e788608959
2025-05-21 02:16:05.620124+00:00
--------------------------------------------------------------------------------

Name        : yelp
Product     : Fedora 42
Version     : 42.2
Release     : 9.fc42
URL         : https://wiki.gnome.org/Apps/Yelp
Summary     : Help browser for the GNOME desktop
Description :
Yelp is the help browser for the GNOME desktop. It is designed to help you
browse all the documentation on your system in one central tool, including
traditional man pages, info pages and documentation written in DocBook.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-3155 - arbitrary file-read.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 9 2025 Jan Grulich - 2:42.2-9
- Fix CVE-2025-3155 - arbitrary file-read
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2357092 - CVE-2025-3155 yelp: Arbitrary file read [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357092
  [ 2 ] Bug #2366258 - yelp-42.2-9.fc42 breaks rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=2366258
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e788608959' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
A vulnerability has been discovered in Librsvg, which can lead to arbitrary file reads.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory            GLSA 202408-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Librsvg: Arbitrary File Read
      Date: August 09, 2024
      Bugs: #918100
        ID: 202408-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Librsvg, which can lead to arbitrary
file reads.

Background
==========

Librsvg is a library to render SVG files using cairo as a rendering engine.

Affected packages
=================

Package             Vulnerable    Unaffected
------------------  ------------  ------------
gnome-base/librsvg  < 2.56.3      >= 2.56.3

Description
===========

A directory traversal problem in the URL decoder of librsvg could be used by
local or remote attackers to disclose files (on the local filesystem outside
of the expected area), as demonstrated by
href="/.?../../../../../../../../../../etc/passwd" in an xi:include element.

Impact
======

Please review the referenced CVE identifier for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Librsvg users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gnome-base/librsvg-2.56.3"

References
==========

[ 1 ] CVE-2023-38633
      https://nvd.nist.gov/vuln/detail/CVE-2023-38633

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality
and security of our users' machines is of utmost importance to us. Any
security concerns should be addressed to
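The payload quoted in the Description above depends on the include href being read as a URL. A URL parser treats everything after the first "?" as the query string, so the path component of that href is just "/."; the "../" chain only matters if the decoded text is later used as a filename. The advisory does not spell out where librsvg's decoder went wrong, so the code below does not reproduce the bug. It is an added example, not librsvg's code and not the upstream fix: it shows the property an include loader has to hold for that href to be harmless, namely that one canonical path is both checked and handed back for opening, and that the path must lie inside the SVG's own directory. The base directory /srv/svg/docs, the sample SVG and the function names are assumptions made for this example. The same CVE is the subject of the Fedora librsvg2 2.56.3 notice further down this page.

```python
"""Hardened resolver for xi:include hrefs in an SVG (added example).

Not librsvg's code. The href "/.?../../../../../../../../../../etc/passwd"
from the GLSA is used as sample input; the base directory and the SVG
document below are constructed for the example.
"""
import os
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

XI_NS = "http://www.w3.org/2001/XInclude"


class IncludeRejected(ValueError):
    """Raised for any href that must not be loaded."""


def resolve_include(href: str, base_dir: str) -> str:
    """Return the one canonical path `href` may open, or raise IncludeRejected.

    `base_dir` is the directory of the SVG being rendered. Resolution is
    lexical plus symlink expansion via realpath, so it need not exist.
    """
    parts = urlsplit(href)
    if parts.scheme not in ("", "file"):
        raise IncludeRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.netloc:
        raise IncludeRejected("host component not allowed in a file href")
    # A local file has no query or fragment. The GLSA payload hides its
    # "../" chain behind a '?', so a decoder that checks the path component
    # but opens the full decoded text would see two different names.
    # Refuse such hrefs; do not strip the suffix and carry on.
    if parts.query or parts.fragment:
        raise IncludeRejected("query or fragment not allowed in a file href")
    path = unquote(parts.path)
    if "\0" in path:
        raise IncludeRejected("NUL byte in path")
    base = os.path.realpath(base_dir)
    if os.path.isabs(path):
        candidate = os.path.realpath(path)
    else:
        candidate = os.path.realpath(os.path.join(base, path))
    # commonpath, unlike str.startswith, does not accept "/srv/svg/docs-x"
    # as a child of "/srv/svg/docs".
    if os.path.commonpath([base, candidate]) != base:
        raise IncludeRejected(f"resolves outside {base}: {candidate}")
    return candidate


def audit_svg(svg_text: str, base_dir: str) -> list[tuple[str, str]]:
    """Classify every xi:include href in the document as ok or rejected."""
    root = ET.fromstring(svg_text)
    verdicts = []
    for el in root.iter(f"{{{XI_NS}}}include"):
        href = el.get("href", "")
        try:
            resolve_include(href, base_dir)
            verdicts.append((href, "ok"))
        except IncludeRejected as exc:
            verdicts.append((href, f"rejected: {exc}"))
    return verdicts


# Constructed sample document: one legitimate include beside the GLSA's
# payload and a plain "../" escape.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:include href="legend.txt" parse="text"/>
  <xi:include href="/.?../../../../../../../../../../etc/passwd" parse="text"/>
  <xi:include href="../../secret.txt" parse="text"/>
</svg>"""

SAMPLE_BASE = "/srv/svg/docs"  # assumed location of the SVG; need not exist

if __name__ == "__main__":
    for href, verdict in audit_svg(SAMPLE_SVG, SAMPLE_BASE):
        print(f"{verdict:<60} <- {href}")
```

Running the block prints three verdicts: the relative include is accepted, the GLSA payload is rejected because of its query string, and the "../../secret.txt" include is rejected because it resolves above the base directory. The resolver returns the path it checked rather than the original href, so a caller that opens the returned value cannot reintroduce a gap between what was validated and what is read.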
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2024-3670
http://linux.oracle.com/errata/ELSA-2024-3670.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
ruby-bundled-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-bundled-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
ruby-default-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-devel-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-devel-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
ruby-doc-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-bigdecimal-3.1.5-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-bigdecimal-3.1.5-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-bundler-2.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-io-console-0.7.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-io-console-0.7.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-irb-1.11.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-json-2.7.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-json-2.7.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-minitest-5.20.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm
rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.x86_64.rpm
rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-power_assert-2.0.3-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-psych-5.1.2-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-psych-5.1.2-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-racc-1.7.3-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-racc-1.7.3-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-rake-13.1.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rbs-3.4.0-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
rubygem-rbs-3.4.0-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm
rubygem-rdoc-6.6.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rexml-3.2.6-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rss-0.3.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-devel-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-test-unit-3.6.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-typeprof-0.21.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-libs-3.3.1-2.module+el8.10.0+90349+dd8a48dc.i686.rpm
ruby-libs-3.3.1-2.module+el8.10.0+90349+dd8a48dc.x86_64.rpm

aarch64:
ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
ruby-bundled-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
ruby-default-gems-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-devel-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
ruby-doc-3.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-bigdecimal-3.1.5-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-bundler-2.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-io-console-0.7.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-irb-1.11.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-json-2.7.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-minitest-5.20.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm
rubygem-mysql2-doc-0.5.5-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.aarch64.rpm
rubygem-pg-doc-1.5.4-1.module+el8.10.0+90287+d51aa4ed.noarch.rpm
rubygem-power_assert-2.0.3-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-psych-5.1.2-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-racc-1.7.3-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-rake-13.1.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rbs-3.4.0-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm
rubygem-rdoc-6.6.3.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rexml-3.2.6-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-rss-0.3.0-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygems-devel-3.5.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-test-unit-3.6.1-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
rubygem-typeprof-0.21.9-2.module+el8.10.0+90349+dd8a48dc.noarch.rpm
ruby-libs-3.3.1-2.module+el8.10.0+90349+dd8a48dc.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-3.3.1-2.module+el8.10.0+90349+dd8a48dc.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.4.0-1.module+el8.10.0+90287+d51aa4ed.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.5.5-1.module+el8.10.0+90287+d51aa4ed.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.5.4-1.module+el8.10.0+90287+d51aa4ed.src.rpm

Related CVEs:
CVE-2024-27280
CVE-2024-27281
CVE-2024-27282

Description of changes:

ruby
[3.3.1-2]
- Upgrade to Ruby 3.3.1.
  Resolves: RHEL-37446
- Fix buffer overread vulnerability in StringIO. (CVE-2024-27280)
  Resolves: RHEL-37448
- Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281)
  Resolves: RHEL-37449
- Fix arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282)
  Resolves: RHEL-37447

rubygem-abrt

rubygem-mysql2
[0.5.5-1]
- Upgrade to mysql2 0.5.5.
  Related: RHEL-17090

rubygem-pg
[1.5.4-1]
- Upgrade to pg 1.5.4.
  Related: RHEL-17090
[1.3.2-1]
- Update to pg 1.3.2 by merging Fedora rawhide branch (commit: 39bbd1b)
  Resolves: rhbz#2063772
librsvg 2.56.3 release, fixing CVE-2023-38633:
- Fix arbitrary file read when href has special characters.
- Fix cascade for symbol elements being referenced from use elements.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-fc79ee273d
2023-08-04 01:28:14.886648
--------------------------------------------------------------------------------

Name        : librsvg2
Product     : Fedora 38
Version     : 2.56.3
Release     : 1.fc38
URL         : https://wiki.gnome.org/Projects/LibRsvg
Summary     : An SVG library based on cairo
Description :
An SVG library based on cairo.

--------------------------------------------------------------------------------
Update Information:

librsvg 2.56.3 release, fixing CVE-2023-38633:
- Fix arbitrary file read when href has special characters.
- Fix cascade for symbol elements being referenced from use elements.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 1 2023 Kalev Lember - 2.56.3-1
- Update to 2.56.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-fc79ee273d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
libusrsctp library out of date. (CVE-2022-46871)
Arbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598)
URL being dragged from cross-origin iframe into same tab triggers navigation.

MGASA-2023-0034 - Updated thunderbird packages fix security vulnerability

Publication date: 07 Feb 2023
URL: https://advisories.mageia.org/MGASA-2023-0034.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-46871, CVE-2022-46877, CVE-2023-0430, CVE-2023-23598,
     CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605

libusrsctp library out of date. (CVE-2022-46871)
Arbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598)
URL being dragged from cross-origin iframe into same tab triggers
navigation. (CVE-2023-23601)
Content Security Policy wasn't being correctly applied to WebSockets in
WebWorkers. (CVE-2023-23602)
Fullscreen notification bypass. (CVE-2022-46877)
Calls to console.log allowed bypassing Content Security Policy via format
directive. (CVE-2023-23603)
Memory safety bugs fixed in Thunderbird 102.7. (CVE-2023-23605)
Revocation status of S/Mime signature certificates was not checked.
(CVE-2023-0430)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31438
- https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
- https://access.redhat.com/errata/RHSA-2023:0463
- https://access.redhat.com/errata/RHSA-2023:0456
- https://www.cve.org/CVERecord?id=CVE-2022-46871
- https://www.cve.org/CVERecord?id=CVE-2022-46877
- https://www.cve.org/CVERecord?id=CVE-2023-0430
- https://www.cve.org/CVERecord?id=CVE-2023-23598
- https://www.cve.org/CVERecord?id=CVE-2023-23601
- https://www.cve.org/CVERecord?id=CVE-2023-23602
- https://www.cve.org/CVERecord?id=CVE-2023-23603
- https://www.cve.org/CVERecord?id=CVE-2023-23605

SRPMS:
- 8/core/thunderbird-102.7.1-1.mga8
- 8/core/thunderbird-l10n-102.7.1-1.mga8

Mageia's Thunderbird 102.7.1 update fixes several security vulnerabilities,
including an arbitrary file read from GTK drag and drop on Linux.
LinuxSecurity.com Team
It was discovered that there was a potential arbitrary file read vulnerability in twig, a PHP templating library. It was caused by insufficient validation of template names in 'source' and 'include' statements.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3147-1
Update to 2.0.3 release to fix various CVE issues.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-12987
2015-08-07 10:05:36
--------------------------------------------------------------------------------

Name        : nagios-plugins
Product     : Fedora 22
Version     : 2.0.3
Release     : 1.fc22
URL         : http://nagios-plugins.org/
Summary     : Host/service/network monitoring program plugins for Nagios
Description :
Nagios is a program that will monitor hosts and services on your network, and
email or page you when a problem arises or is resolved. Nagios runs on a Unix
server as a background or daemon process, intermittently running checks on
various services that you specify. The actual service checks are performed by
separate "plugin" programs which return the status of the checks to Nagios.
This package contains those plugins.

--------------------------------------------------------------------------------
Update Information:

Update to 2.0.3 release to fix various CVE issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 4 2015 Josh Boyer - 2.0.3-1
- Update to 2.0.3
* Wed Jun 17 2015 Fedora Release Engineering - 2.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering - 2.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098531 - CVE-2014-4701 CVE-2014-4703 nagios-plugins: check_dhcp Arbitrary Option File Read
        https://bugzilla.redhat.com/show_bug.cgi?id=1098531
  [ 2 ] Bug #1114841 - CVE-2014-4702 nagios-plugins: check_icmp Arbitrary Option File Read
        https://bugzilla.redhat.com/show_bug.cgi?id=1114841
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update nagios-plugins' at the command line.
For more information, refer to "Managing Software with yum", available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------