Important: libarchive security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5080", "synopsis": "Important: libarchive security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libarchive.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive (CVE-2026-4111)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2446453", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", "description": ""}], "cves": [{"name": "CVE-2026-4111", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-4111", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-835"}], "references": [], "publishedAt": "2026-03-26T18:03:52.468416Z", "rpms": {"Rocky Linux 9": {"nvras": ["bsdtar-0:3.5.3-7.el9_7.aarch64.rpm", "bsdtar-0:3.5.3-7.el9_7.ppc64le.rpm", "bsdtar-0:3.5.3-7.el9_7.s390x.rpm", "bsdtar-0:3.5.3-7.el9_7.x86_64.rpm", "bsdtar-debuginfo-0:3.5.3-7.el9_7.aarch64.rpm", "bsdtar-debuginfo-0:3.5.3-7.el9_7.ppc64le.rpm", "bsdtar-debuginfo-0:3.5.3-7.el9_7.s390x.rpm", "bsdtar-debuginfo-0:3.5.3-7.el9_7.x86_64.rpm", 
"libarchive-0:3.5.3-7.el9_7.aarch64.rpm","libarchive-0:3.5.3-7.el9_7.i686.rpm", "libarchive-0:3.5.3-7.el9_7.ppc64le.rpm", "libarchive-0:3.5.3-7.el9_7.s390x.rpm", "libarchive-0:3.5.3-7.el9_7.src.rpm", "libarchive-0:3.5.3-7.el9_7.x86_64.rpm", "libarchive-debuginfo-0:3.5.3-7.el9_7.aarch64.rpm", "libarchive-debuginfo-0:3.5.3-7.el9_7.i686.rpm", "libarchive-debuginfo-0:3.5.3-7.el9_7.ppc64le.rpm", "libarchive-debuginfo-0:3.5.3-7.el9_7.s390x.rpm", "libarchive-debuginfo-0:3.5.3-7.el9_7.x86_64.rpm", "libarchive-debugsource-0:3.5.3-7.el9_7.aarch64.rpm", "libarchive-debugsource-0:3.5.3-7.el9_7.i686.rpm", "libarchive-debugsource-0:3.5.3-7.el9_7.ppc64le.rpm", "libarchive-debugsource-0:3.5.3-7.el9_7.s390x.rpm", "libarchive-debugsource-0:3.5.3-7.el9_7.x86_64.rpm", "libarchive-devel-0:3.5.3-7.el9_7.aarch64.rpm", "libarchive-devel-0:3.5.3-7.el9_7.i686.rpm", "libarchive-devel-0:3.5.3-7.el9_7.ppc64le.rpm", "libarchive-devel-0:3.5.3-7.el9_7.s390x.rpm", "libarchive-devel-0:3.5.3-7.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important libarchive security update released for Rocky Linux 9 addresses Denial of Service issue through RAR5 decompression.. libarchive security update, Rocky Linux 9, Denial of Service fix, archive formats, libarchive application. . Severity: Important. LinuxSecurity.com Team
New libarchive packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2026-070-01) New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libarchive-3.8.6-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with Nettle 4.x (#2858) libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859) bsdunzip: fix ISO week year and Gregorian year confusion (#2860) 7zip: fix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864) 7zip: fix out-of-bounds access on ELF 64-bit header (#2875) RAR5 reader: fix infinite loop in rar5 decompression (#2877) RAR5 reader: fix potential memory leak (#2892) RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice (#2893) CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab (#2895) mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775, #2878) various small bugfixes in code and documentation (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. 
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libarchive-3.8.6-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libarchive-3.8.6-x86_64-1_slack15.0.txz Updated package for Slackware-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.8.6-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.8.6-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 1469605a8cec4e66d7a16926ca13aec6 libarchive-3.8.6-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 3d55f09d648863928671f010a3fe4628 libarchive-3.8.6-x86_64-1_slack15.0.txz Slackware -current package: 3ef64b383d3f537142d73d2bce6d784b l/libarchive-3.8.6-i686-1.txz Slackware x86_64 -current package: fafea232f0960e2aa345e5e3cf3ae152 l/libarchive-3.8.6-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libarchive-3.8.6-i586-1_slack15.0.txz +-----+ . Security fix for Slackware's libarchive addresses critical bugs and vulnerabilities impacting system integrity and functionality.. Slackware security patch, libarchive update, critical vulnerabilities, memory management fix, system integrity. . Severity: Critical. LinuxSecurity.com Team
New lrzip packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] lrzip (SSA:2026-047-02) New lrzip packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/lrzip-0.660-i586-1_slack15.0.txz: Upgraded. Address multiple potential security issues with crafted or corrupt archives. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/lrzip-0.660-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/lrzip-0.660-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/lrzip-0.660-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/lrzip-0.660-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 7b7195853cd42008bbd327cc88a07cfa lrzip-0.660-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 50fd7554d133d65497d024504718589f lrzip-0.660-x86_64-1_slack15.0.txz Slackware -current package: c270926a910420338e7d75da75fda273 a/lrzip-0.660-i686-1.txz Slackware x86_64 -current package: e066a5ac143089cbccf361730706a5a9 a/lrzip-0.660-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg lrzip-0.660-i586-1_slack15.0.txz +-----+ . 
Find out about the critical lrzip security fix for Slackware 15.0 addressing multiple potential issues with crafted archives.. lrzip package Slackware upgrade, secure lrzip installation, Slackware 15.0 archive fix. . Severity: Critical. LinuxSecurity.com Team
An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update Advisory ID: RHSA-2021:2634-01 Product: Red Hat Developer Tools Advisory URL: https://access.redhat.com/errata/RHSA-2021:2634 Issue date: 2021-07-01 CVE Names: CVE-2021-33196 ==================================================================== 1. Summary: An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory consumption (container_memory_rss) steadily growing for /system.slice/kubelet.service when FIPS enabled [devtools-2021.2-z] (BZ#1975394) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 6. Package List: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7): Source: go-toolset-1.15-1.15.13-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.src.rpm noarch: go-toolset-1.15-golang-docs-1.15.13-1.el7_9.noarch.rpm ppc64le: go-toolset-1.15-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-build-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.ppc64le.rpm s390x: go-toolset-1.15-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-build-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.s390x.rpm x86_64: go-toolset-1.15-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-race-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.x86_64.rpm 
go-toolset-1.15-scldevel-1.15.13-1.el7_9.x86_64.rpm Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7): Source: go-toolset-1.15-1.15.13-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.src.rpm noarch: go-toolset-1.15-golang-docs-1.15.13-1.el7_9.noarch.rpm x86_64: go-toolset-1.15-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-race-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33196 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. 
-- RHSA-announce mailing list
The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. (CVE-2019-19221) . MGASA-2020-0127 - Updated libarchive packages fix security vulnerabilities Publication date: 06 Mar 2020 URL: https://advisories.mageia.org/MGASA-2020-0127.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-19221, CVE-2020-9308 The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. (CVE-2019-19221) archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. (CVE-2020-9308) References: - https://bugs.mageia.org/show_bug.cgi?id=26290 - https://www.cve.org/CVERecord?id=CVE-2019-19221 - https://www.cve.org/CVERecord?id=CVE-2020-9308 SRPMS: - 7/core/libarchive-3.4.0-1.1.mga7 . The latest Libarchive revision tackles severe vulnerabilities, boosting overall security with crucial updates.. Libarchive Security, Mageia Update, Out-of-bounds Fixes, RAR5 Vulnerability. . LinuxSecurity.com Team
An issue has been found in libarchive, a multi-format archive and compression library. . Package : libarchive Version : 3.1.2-11+deb8u8 CVE ID : CVE-2019-18408 An issue has been found in libarchive, a multi-format archive and compression library. In case of a crafted archive containing several parts and one part being corrupt, there would be a use-after-free for the next part of the archive. For Debian 8 "Jessie", this problem has been fixed in version 3.1.2-11+deb8u8. We recommend that you upgrade your libarchive packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance libarchive to address a use-after-free vulnerability in Debian 8 Jessie that results in archive integrity problems.. libarchive security, Debian updates, software vulnerability, archive library patch. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for unzip Announcement ID: SUSE-SU-2018:1883-1 Rating: moderate References: #1080074 #910683 #914442 Cross-References: CVE-2014-9636 CVE-2018-1000035 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 An update that solves two vulnerabilities and has one errata is now available. Description: This update for unzip fixes the following issues: - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed: - Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1277=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): unzip-6.00-4.3.1 unzip-debuginfo-6.00-4.3.1 unzip-debugsource-6.00-4.3.1 References: https://www.suse.com/security/cve/CVE-2014-9636.html https://www.suse.com/security/cve/CVE-2018-1000035.html https://bugzilla.suse.com/1080074 https://bugzilla.suse.com/910683 https://bugzilla.suse.com/914442 . 
SUSE Releases Patch for Unzip Mitigating Two Vulnerabilities Rated as Moderate Severity, Includes Detailed Guidelines.. SUSE Security Update, unzip vulnerabilities, moderate security alert. . LinuxSecurity.com Team