--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3505a95524
2026-05-17 00:48:46.610623+00:00
--------------------------------------------------------------------------------

Name        : pypy
Product     : Fedora 43
Version     : 7.3.22
Release     : 2.fc43
URL         : https://www.pypy.org/
Summary     : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc). This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2026-3219 in the bundled pip wheel
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 5 2026 Charalampos Stratakis - 7.3.22-2
- Security fix for CVE-2026-3219 in the bundled pip wheel
- Fixes: rhbz#2461288
* Tue May 5 2026 Charalampos Stratakis - 7.3.22-1
- Update to 7.3.22
- Fixes: rhbz#2463475
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2461288 - CVE-2026-3219 pypy: pip: Incorrect file installation due to improper archive handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2461288
  [ 2 ] Bug #2463475 - pypy-7.3.22 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2463475
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3505a95524' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-80e4603b92
2024-10-19 01:51:39.049934
--------------------------------------------------------------------------------

Name        : libarchive
Product     : Fedora 40
Version     : 3.7.2
Release     : 7.fc40
URL         : https://www.libarchive.org/
Summary     : A library for handling streaming archive formats
Description :
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2024-48957. Automatic update for libarchive-3.7.2-6.fc40.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 14 2024 Lukas Javorsky - 3.7.2-7
- Fix CVE-2024-48957
- Resolves: rhbz#2317764
* Tue Jul 2 2024 Lukas Javorsky - 3.7.2-6
- Fix licenses (convert to SPDX)
* Thu Jun 6 2024 Lukas Javorsky - 3.7.2-5
- Fix CVE-2024-20696
- Resolves: rhbz#2290449
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2317764 - CVE-2024-48957 libarchive: Out-of-bounds access in libarchive's archive file handling [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317764
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-80e4603b92' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
MGASA-2021-0475 - Updated golang packages fix security vulnerability

Publication date: 13 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0475.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-39293, CVE-2021-38297

The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the
NewReader and OpenReader functions in archive/zip can still cause a panic or an
unrecoverable fatal error when reading an archive that claims to contain a large
number of files, regardless of its actual size. (CVE-2021-39293)

A security issue has been found in go before version 1.17.2. When invoking
functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large
arguments can cause portions of the module to be overwritten with data from the
arguments. (CVE-2021-38297)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29526
- https://groups.google.com/g/golang-announce/c/dx9d7IOseHw
- https://groups.google.com/g/golang-announce/c/7efr4VBoZIw
- https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
- https://security.archlinux.org/CVE-2021-38297
- https://www.cve.org/CVERecord?id=CVE-2021-39293
- https://www.cve.org/CVERecord?id=CVE-2021-38297

SRPMS:
- 8/core/golang-1.17.2-1.mga8

Severity: Critical. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-303f6623fa
2021-03-20 00:16:30.596999
--------------------------------------------------------------------------------

Name        : gnome-autoar
Product     : Fedora 34
Version     : 0.3.1
Release     : 1.fc34
URL         :
Summary     : Archive library
Description :
gnome-autoar is a GObject based library for handling archives.
--------------------------------------------------------------------------------
Update Information:

GNOME 40.rc
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 15 2021 Kalev Lember - 0.3.1-1
- Update to 0.3.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1925640 - CVE-2020-36241 gnome-autoar: directory traversal via a malicious archive that contains a file whose parent is a symbolic link which points outside of the destination directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1925640
  [ 2 ] Bug #1940026 - CVE-2021-28650 gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations
        https://bugzilla.redhat.com/show_bug.cgi?id=1940026
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-303f6623fa' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
MGASA-2020-0218 - Updated file-roller packages fix security vulnerability

Publication date: 24 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0218.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-11736

Updated the file-roller package in order to fix a security vulnerability:

fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent
is a symlink to a directory outside of the intended extraction location. Thus,
directory traversal is not prevented (CVE-2020-11736).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26502
- https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html
- https://www.cve.org/CVERecord?id=CVE-2020-11736

SRPMS:
- 7/core/file-roller-3.32.1-2.1.mga7

LinuxSecurity.com Team
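The gnome-autoar (CVE-2020-36241, CVE-2021-28650) and file-roller (CVE-2020-11736) advisories above describe the same missing check: before writing an entry, an extractor must verify that the entry's parent directory, as it actually exists on disk after earlier entries were extracted, still resolves inside the destination, because an earlier entry may have been a symlink pointing elsewhere. The following is an added illustration of that check, not code from gnome-autoar, File Roller, or any of the advisories; the function name parent_escapes and the temporary directory layout it builds are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def parent_escapes(dest: Path, member_name: str) -> bool:
    """Return True if extracting `member_name` under `dest` would write
    outside `dest` because of its path or its on-disk parent.

    The parent is resolved on the real filesystem, so a parent component
    that is already a symlink to a directory outside `dest` is detected.
    Only the parent is resolved: the final component may not exist yet.
    """
    dest_real = dest.resolve()
    rel = Path(member_name)
    # Absolute names and upward traversal are rejected before touching disk.
    if rel.is_absolute() or ".." in rel.parts:
        return True
    parent_real = (dest_real / rel).parent.resolve()
    try:
        parent_real.relative_to(dest_real)
    except ValueError:
        # Parent resolved to a location that is not under dest.
        return True
    return False


def demo() -> dict:
    """Build a constructed layout in a temporary directory and run the check.

    Layout (constructed for this example):
        dest/sub/        ordinary directory
        dest/link -> ../outside   symlink left behind by an earlier entry
        outside/         directory that must never receive archive content
    """
    with tempfile.TemporaryDirectory() as tmp:
        tmp_path = Path(tmp)
        dest = tmp_path / "dest"
        outside = tmp_path / "outside"
        (dest / "sub").mkdir(parents=True)
        outside.mkdir()
        os.symlink(outside, dest / "link")
        return {
            "plain": parent_escapes(dest, "sub/file.txt"),
            "new_subdir": parent_escapes(dest, "new/dir/file.txt"),
            "via_symlink": parent_escapes(dest, "link/file.txt"),
            "dotdot": parent_escapes(dest, "../file.txt"),
            "absolute": parent_escapes(dest, "/tmp/file.txt"),
        }


if __name__ == "__main__":
    for name, escaped in demo().items():
        print(f"{name:12s} escapes={escaped}")
```

The two cases that matter are `via_symlink`, where a lexical check on the member name alone would pass, and `new_subdir`, where the parent does not exist yet and must still be accepted; resolving the parent rather than the full path handles both. Python's own tarfile module gained the same class of protection with the "data" extraction filter (PEP 706), which refuses links whose target lies outside the destination.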
=========================================================================
Ubuntu Security Notice USN-4169-1
October 29, 2019

libarchive vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

Summary:

libarchive could be made to execute arbitrary code if it received a specially
crafted archive file.

Software Description:
- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain archive files.
An attacker could possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libarchive13    3.3.3-4ubuntu0.1

Ubuntu 18.04 LTS:
  libarchive13    3.2.2-3.1ubuntu0.5

Ubuntu 16.04 LTS:
  libarchive13    3.1.2-11ubuntu0.16.04.7

Ubuntu 14.04 ESM:
  libarchive13    3.1.2-7ubuntu2.8+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4169-1
  CVE-2019-18408

Package Information:
  https://launchpad.net/ubuntu/+source/libarchive/3.3.3-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/libarchive/3.2.2-3.1ubuntu0.5
  https://launchpad.net/ubuntu/+source/libarchive/3.1.2-11ubuntu0.16.04.7

Severity: Important. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-c595a93536
2019-04-05 01:54:23.968380
--------------------------------------------------------------------------------

Name        : libarchive
Product     : Fedora 28
Version     : 3.3.3
Release     : 6.fc28
URL         : http://www.libarchive.org/
Summary     : A library for handling streaming archive formats
Description :
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.
--------------------------------------------------------------------------------
Update Information:

Security fix for [CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880]
----
Applied various flaws from upstream
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2019 Ondrej Dubaj - 3.3.3-6
- applied various flaws (#1663893)
* Tue Mar 19 2019 Ondrej Dubaj - 3.3.3-5
- applied CVE patches (#1690071)
* Thu Mar 14 2019 Ondrej Dubaj - 3.3.3-4
- applied various flaws (#1672900)
* Fri Feb 1 2019 Fedora Release Engineering - 3.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Nov 26 2018 Pavel Raiskup - 3.3.3-2
- fix some covscan issues (rhbz#1602575)
- build-requires libzstd-devel (rhbz#1653046)
* Tue Oct 23 2018 Pavel Raiskup - 3.3.3-1
- the latest upstream release
* Wed Jul 18 2018 Pavel Raiskup - 3.3.2-3
- drop use of %ldconfig_scriptlets
* Fri Jul 13 2018 Fedora Release Engineering - 3.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Pavel Raiskup - 3.3.2-1
- rebase to latest upstream release
* Wed Feb 7 2018 Fedora Release Engineering - 3.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1663893 - CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 libarchive: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1663893
  [ 2 ] Bug #1672900 - CVE-2019-1000019 CVE-2019-1000020 libarchive: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1672900
  [ 3 ] Bug #1690071 - Two not applied CVE patches
        https://bugzilla.redhat.com/show_bug.cgi?id=1690071
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-c595a93536' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-7197
2015-04-30 05:45:41
--------------------------------------------------------------------------------

Name        : libarchive
Product     : Fedora 22
Version     : 3.1.2
Release     : 12.fc22
URL         : http://www.libarchive.org/
Summary     : A library for handling streaming archive formats
Description :
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.
--------------------------------------------------------------------------------
Update Information:

Security fix for bug 1216891
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1216891 - libarchive: crash via malformed cpio archive
        https://bugzilla.redhat.com/show_bug.cgi?id=1216891
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libarchive' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------