Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 9 articles for you...
197

Debian 11 Taglib Critical Update Addressing Application Crash DLA-4450-1

An issues has been found in taglib, an audio meta-data library. The issue is related to a segmentation violation and a resulting application crash due to processing a crafted WAV file in which an id3 chunk is the only valid chunk. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4450-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz January 24, 2026 https://wiki.debian.org/LTS Package : taglib Version : 1.11.1+dfsg.1-3+deb11u1 CVE ID : CVE-2023-47466 An issues has been found in taglib, an audio meta-data library. The issue is related to a segmentation violation and a resulting application crash due to processing a crafted WAV file in which an id3 chunk is the only valid chunk. For Debian 11 bullseye, this problem has been fixed in version 1.11.1+dfsg.1-3+deb11u1. We recommend that you upgrade your taglib packages. For the detailed security status of taglib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/taglib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Taglib's latest security update addresses a critical issue causing application crashes from crafted WAV files.. Taglib Update, Debian LTS, Audio Metadata, Application Crash, Segmentation Fault. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 24, 2026 Important Debian LTS
172

Ubuntu 22.04 LTS USN-7273-1 critical: libsndfile DoS details

Several security issues were fixed in libsndfile.. ========================================================================== Ubuntu Security Notice USN-7273-1 February 18, 2025 libsndfile vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in libsndfile. Software Description: - libsndfile: Library for reading/writing audio files Details: It was discovered that libsndfile incorrectly handled memory when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-4156) It was discovered that libsndfile incorrectly handled certain malformed OggVorbis files. An attacker could possibly use this issue to cause libsndfile to crash, resulting in a denial of service. (CVE-2024-50612) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libsndfile1 1.0.31-2ubuntu0.2 sndfile-programs 1.0.31-2ubuntu0.2 Ubuntu 20.04 LTS libsndfile1 1.0.28-7ubuntu0.3 sndfile-programs 1.0.28-7ubuntu0.3 Ubuntu 18.04 LTS libsndfile1 1.0.28-4ubuntu0.18.04.2+esm2 Available with Ubuntu Pro sndfile-programs 1.0.28-4ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS libsndfile1 1.0.25-7ubuntu2.2+esm4 Available with Ubuntu Pro sndfile-programs 1.0.25-7ubuntu2.2+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7273-1 CVE-2021-4156, CVE-2024-50612 Package Information: https://launchpad.net/ubuntu/+source/libsndfile/1.0.31-2ubuntu0.2 https://launchpad.net/ubuntu/+source/libsndfile/1.0.28-7ubuntu0.3 . Multiple security vulnerabilities in libsndfile have been resolved in the Ubuntu operating system. Detailed guidelines for updating and specific releases that are impacted have been provided.. libsndfile updates, Ubuntu security notice, Linux audio library. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 19, 2025 Critical Ubuntu
89

Fedora 39: FEDORA-2023-47d4f575a3 Moderate Audiofile Memory Leak Fix

Patch for CVE-2022-24599. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-47d4f575a3 2023-11-22 01:22:25.847530 -------------------------------------------------------------------------------- Name : audiofile Product : Fedora 39 Version : 0.3.6 Release : 36.fc39 URL : https://audiofile.68k.org/ Summary : Library for accessing various audio file formats Description : The Audio File library is an implementation of the Audio File Library from SGI, which provides an API for accessing audio file formats like AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. This library is used by the EsounD daemon. Install audiofile if you are installing EsounD or you need an API for any of the sound file formats it can handle. -------------------------------------------------------------------------------- Update Information: Patch for CVE-2022-24599 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 13 2023 Gwyn Ciesla - 1:0.3.6-36 Patch for CVE-2022-24599 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2058373 - CVE-2022-24599 audiofile: memory leak in printinfo.c [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2058373 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-47d4f575a3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Important notice for audiofile users in Fedora 39 regarding significant memory leak fix. Please apply the patch for CVE-2022-24599 immediately.. Audio Library, Fedora 39, Memory Leak Fix. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 Nov 22, 2023 Medium Fedora
89

Fedora 35: FEDORA-2021-a5f824f99a Critical Update for Libopenmpt

https://lib.openmpt.org/libopenmpt/2021/12/23/security-update-0.5.15-releases-0.4.27-0.3.36/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-a5f824f99a 2021-12-25 01:04:03.133674 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 35 Version : 0.5.15 Release : 1.fc35 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: https://lib.openmpt.org/libopenmpt/2021/12/23/security-update-0.5.15-releases-0.4.27-0.3.36/ --------------------------------------------------------------------------------ChangeLog: * Thu Dec 23 2021 Michael Schwendt - 0.5.15-1 - update to 0.5.15 (security release) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a5f824f99a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code ofConduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . The recent security patch for libopenmpt in Fedora 35 resolves significant vulnerabilities in audio playback capabilities linked to the 0.5.15 version.. Libopenmpt Security Release,Fedora 35 Update,Audio Processing Library. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 24, 2021 Critical Fedora
89

Fedora 34: FEDORA-2021-a1be246e88 Moderate: libopenmpt Security Fix

https://lib.openmpt.org/libopenmpt/2021/12/05/security-updates-0.5.14-0.4.26-0.3.35/ ---- https://lib.openmpt.org/libopenmpt/2021/11/14/releases-0.5.13-0.4.25-0.3.34/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-a1be246e88 2021-12-15 01:32:56.667084 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 34 Version : 0.5.14 Release : 1.fc34 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: https://lib.openmpt.org/libopenmpt/2021/12/05/security-updates-0.5.14-0.4.26-0.3.35/ ----https://lib.openmpt.org/libopenmpt/2021/11/14/releases-0.5.13-0.4.25-0.3.34/ --------------------------------------------------------------------------------ChangeLog: * Mon Dec 6 2021 Michael Schwendt - 0.5.14-1 - update to 0.5.14 (security release) * Mon Nov 29 2021 Michael Schwendt - 0.5.13-1 - update to 0.5.13 --------------------------------------------------------------------------------References: [ 1 ] Bug #2028684 - libopenmpt-0.5.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2028684 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a1be246e88' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Obtain the latest security enhancements for Fedora 34's libopenmpt library, vital for tracker music playback and important fixes.. libopenmpt, music module decoder, fedora update, audio streaming application. . LinuxSecurity.com Team

Calendar%202 Dec 14, 2021 Fedora
197

Debian 9 Stretch: DLA-2845-1 Critical: libsamplerate Buffer Overflow

An issue has been found in libsamplerate, an audio sample rate conversion library. Using a crafted audio file a buffer over-read might happen in calc_output_single() in src_sinc.c. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2845-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz December 14, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : libsamplerate Version : 0.1.8-8+deb9u1 CVE ID : CVE-2017-7697 An issue has been found in libsamplerate, an audio sample rate conversion library. Using a crafted audio file a buffer over-read might happen in calc_output_single() in src_sinc.c. For Debian 9 stretch, this problem has been fixed in version 0.1.8-8+deb9u1. We recommend that you upgrade your libsamplerate packages. For the detailed security status of libsamplerate please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/libsamplerate Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Critical patch released for heap overflow vulnerability in libcompress audio toolkit on Ubuntu 20.04 Focal. Upgrade immediately!. Debian Security Update, libsamplerate Buffer Overflow, Debian LTS. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 13, 2021 Critical Debian LTS
89

Fedora 34: 2021-9d4ea81052 Critical: Libopenmpt Security Update

Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-9d4ea81052 2021-05-06 01:00:14.653740 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 34 Version : 0.5.8 Release : 1.fc34 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/ --------------------------------------------------------------------------------ChangeLog: * Fri Apr 30 2021 Michael Schwendt - 0.5.8-1 - update to 0.5.8 (security release for the 0.5 series) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-9d4ea81052' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . The most recent release of libopenmpt in Fedora 34 incorporates crucial security enhancements and vital bug resolutions.. Libopenmpt Update,Fedora Security,Bug Fix Release,Audio Library Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 05, 2021 Critical Fedora
89

Fedora 33: 2021-38bacf2af2 Important: libopenmpt Security Fixes

Some more bug-fixes for the stable 0.4.x branch. -- https://lib.openmpt.org/libopenmpt/2021/03/20/security-update-0.5.7-releases-0.4.19-0.3.28/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-38bacf2af2 2021-04-10 23:05:43.632037 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 33 Version : 0.4.19 Release : 1.fc33 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: Some more bug-fixes for the stable 0.4.x branch. --https://lib.openmpt.org/libopenmpt/2021/03/20/security-update-0.5.7-releases-0.4.19-0.3.28/ --------------------------------------------------------------------------------ChangeLog: * Fri Apr 2 2021 Michael Schwendt - 0.4.19-1 - update to 0.4.19 (security release for the 0.4 series) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-38bacf2af2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Debian Security Alert regarding libxenon now incorporates critical patches and feature upgrades to enhance system performance.. Libopenmpt Security,Fedora Updates,Bug Fixes,Audio Modules. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 10, 2021 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200