Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 27 articles for you...

Fedora 44 stb_image Memory Access Security Fix 2026-f45664a58a

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f45664a58a
2026-04-25 01:21:36.172470+00:00
--------------------------------------------------------------------------------

Name        : stb
Product     : Fedora 44
Version     : 0^20260313git904aa67
Release     : 2.fc44
URL         : https://github.com/nothings/stb
Summary     : Single-file public domain libraries for C/C++
Description :
Single-file public domain libraries for C/C++.

--------------------------------------------------------------------------------
Update Information:

Fix access/use of uninitialized memory in stb_image
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Benjamin A. Beasley - 0^20260313git904aa67-2
- Fix access/use of uninitialized memory in stb_image
- This was undefined behavior, and could leak security-relevant information
  from other data structures. See https://github.com/nothings/stb/issues/1929.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f45664a58a' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fix access to uninitialized memory in stb_image for Fedora 44 enhances system security and prevents potential leaks.
memory access security, Fedora patch, stb_image fix
Severity: Important
LinuxSecurity.com Team

Apr 25, 2026 Important Fedora

SUSE: 2025:02157-1 important: Linux Kernel Buffer Issues Resolved

# Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02157-1
Release Date: 2025-06-27T13:04:00Z
Rating: important

References:

* bsc#1227903
* bsc#1232908
* bsc#1232927
* bsc#1232929
* bsc#1233680
* bsc#1233708
* bsc#1235062
* bsc#1235231
* bsc#1236244

Cross-References:

* CVE-2024-40937
* CVE-2024-50124
* CVE-2024-50125
* CVE-2024-50127
* CVE-2024-50279
* CVE-2024-50301
* CVE-2024-53208
* CVE-2024-56601
* CVE-2024-56605

CVSS scores:

* CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50124 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50124 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50125 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50125 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50127 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50127 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50301 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50301 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53208 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53208 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_65 fixes several issues.

The following security issues were fixed:

* CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
* CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).
* CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
* CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
* CVE-2024-53208: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (bsc#1236244).
* CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
* CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
* CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232927).
* CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227903).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-2157=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2157=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_65-default-18-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-18-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-18-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_65-default-18-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_65-default-debuginfo-18-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_14-debugsource-18-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-40937.html
* https://www.suse.com/security/cve/CVE-2024-50124.html
* https://www.suse.com/security/cve/CVE-2024-50125.html
* https://www.suse.com/security/cve/CVE-2024-50127.html
* https://www.suse.com/security/cve/CVE-2024-50279.html
* https://www.suse.com/security/cve/CVE-2024-50301.html
* https://www.suse.com/security/cve/CVE-2024-53208.html
* https://www.suse.com/security/cve/CVE-2024-56601.html
* https://www.suse.com/security/cve/CVE-2024-56605.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227903
* https://bugzilla.suse.com/show_bug.cgi?id=1232908
* https://bugzilla.suse.com/show_bug.cgi?id=1232927
* https://bugzilla.suse.com/show_bug.cgi?id=1232929
* https://bugzilla.suse.com/show_bug.cgi?id=1233680
* https://bugzilla.suse.com/show_bug.cgi?id=1233708
* https://bugzilla.suse.com/show_bug.cgi?id=1235062
* https://bugzilla.suse.com/show_bug.cgi?id=1235231
* https://bugzilla.suse.com/show_bug.cgi?id=1236244

An essential CentOS patch tackling significant security vulnerabilities within the Linux kernel, aimed at providing improved defense and reliability.
Linux Kernel Security, SUSE Update, Important Patch
Severity: Important
LinuxSecurity.com Team

Jun 27, 2025 Important SuSE

SUSE 12 SP5: 2025:0726-1 moderate: socat buffer overflow

# Security update for socat

Announcement ID: SUSE-SU-2025:0726-1
Release Date: 2025-02-26T13:37:01Z
Rating: moderate

References:

* bsc#922903

Cross-References:

* CVE-2015-1379

CVSS scores:

* CVE-2015-1379 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for socat fixes the following issues:

* CVE-2015-1379: lack of async-signal-safe signal handlers can lead to crashes or freezing of socat processes (bsc#922903).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-726=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * socat-debuginfo-1.7.2.4-4.6.1
  * socat-debugsource-1.7.2.4-4.6.1
  * socat-1.7.2.4-4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2015-1379.html
* https://bugzilla.suse.com/show_bug.cgi?id=922903

This notification outlines the security enhancement for socat in SUSE SE 12 SP5 addressing a medium-severity vulnerability recognized for inducing system failures.
socat security update, SUSE advisory, installation instructions, moderate advisory, fix instructions
LinuxSecurity.com Team

Feb 26, 2025 SuSE

Mageia 9: 2025-0014 High Severity for Vim Heap Buffer Overflow

MGASA-2025-0014 - Updated vim packages fix security vulnerability

Publication date: 18 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0014.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-22134

Heap-buffer-overflow with visual mode in Vim < 9.1.1003. (CVE-2025-22134)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33911
- https://openwall.com/lists/oss-security/2025/01/11/1
- https://www.cve.org/CVERecord?id=CVE-2025-22134

SRPMS:
- 9/core/vim-9.1.1012-1.mga9

Mageia 2025-0015 patches address serious memory corruption vulnerability in Emacs. Comprehensive information and solutions included.
heap overflow, vim security updates, Mageia advisory, buffer issue
LinuxSecurity.com Team

Jan 18, 2025 Mageia

Mageia 9: 2024-0329 Critical: vim use-after-free Risk Resolution

MGASA-2024-0329 - Updated vim packages fix security vulnerability

Publication date: 11 Oct 2024
URL: https://advisories.mageia.org/MGASA-2024-0329.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-47814

Use-after-free when closing buffers in Vim < v9.1.0764. (CVE-2024-47814)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33626
- https://www.openwall.com/lists/oss-security/2024/10/06/1
- https://www.cve.org/CVERecord?id=CVE-2024-47814

SRPMS:
- 9/core/vim-9.1.771-1.mga9

Security patches for Vim resolve critical use-after-free vulnerabilities on Mageia 9. Explore the updates and their implications.
Mageia updates, vim security patches, use-after-free issue, buffer management, security advisory
Severity: Critical
LinuxSecurity.com Team

Oct 11, 2024 Critical Mageia

SUSE Linux Micro 5.5: 2024:1762-2 Important Buffer Fix for Perl

# Security update for perl

Announcement ID: SUSE-SU-2024:1762-2
Rating: important

References:

* bsc#1082216
* bsc#1082233
* bsc#1213638

Cross-References:

* CVE-2018-6798
* CVE-2018-6913

CVSS scores:

* CVE-2018-6798 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2018-6913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-6913 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for perl fixes the following issues:

Security issues fixed:

* CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
* CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

Non-security issue fixed:

* make Net::FTP work with TLS 1.3 (bsc#1213638)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-1762=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * perl-5.26.1-150300.17.17.1
  * perl-debuginfo-5.26.1-150300.17.17.1
  * perl-debugsource-5.26.1-150300.17.17.1
  * perl-base-5.26.1-150300.17.17.1
  * perl-base-debuginfo-5.26.1-150300.17.17.1

## References:

* https://www.suse.com/security/cve/CVE-2018-6798.html
* https://www.suse.com/security/cve/CVE-2018-6913.html
* https://bugzilla.suse.com/show_bug.cgi?id=1082216
* https://bugzilla.suse.com/show_bug.cgi?id=1082233
* https://bugzilla.suse.com/show_bug.cgi?id=1213638

Essential enhancements for Perl within SUSE 5.5 targeting memory overflow and buffer vulnerabilities. Ensure your system's security with the most recent patches.
SUSE Linux Security, Perl Security Update, Heap Overflow Fix
Severity: Important
LinuxSecurity.com Team

Aug 19, 2024 Important SuSE

Fedora 40 High Advisory FEDORA-2024-2e27372d4c: Qt5 Buffer Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2e27372d4c
2024-06-05 01:40:23.602023
--------------------------------------------------------------------------------

Name        : qt5
Product     : Fedora 40
Version     : 5.15.14
Release     : 1.fc40
URL         : https://fedoraproject.org/
Summary     : Qt5 meta package
Description :
Qt5 meta package.

--------------------------------------------------------------------------------
Update Information:

Qt 5.15.14 bugfix update. Fix CVE-2024-36048
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 29 2024 Jan Grulich - 5.15.14-1
- 5.15.14
* Mon May 6 2024 Liu Yang - 5.15.13-2
- Add riscv64 to macro i386 i486 i586 i686 pentium3 pentium4 athlon geode
  x86_64 armv3l armv4b armv4l armv4tl armv5tl armv5tel armv5tejl armv6l armv6hl
  armv7l armv7hl armv7hnl armv8l armv8hl armv8hnl armv8hcnl aarch64 mips mipsel
  mips64el.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2282866 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2282866
  [ 2 ] Bug #2282867 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2282867
  [ 3 ] Bug #2282869 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2282869
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2e27372d4c' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

The Qt 5.15.14 bug fix update has been deployed for Fedora 40, remedying the security vulnerability labeled CVE-2024-36049.
Fedora 40 Security, Qt5 Bugfix, PRNG Vulnerability
LinuxSecurity.com Team

Jun 05, 2024 Fedora

SUSE: 2024:0915-1 moderate: tiff integer and buffer resolutions

# Security update for tiff

Announcement ID: SUSE-SU-2024:0915-1
Rating: moderate

References:

* bsc#1213590
* bsc#1214686
* bsc#1214687
* bsc#1221187
* bsc#960589

Cross-References:

* CVE-2015-8668
* CVE-2023-38288
* CVE-2023-40745
* CVE-2023-41175

CVSS scores:

* CVE-2015-8668 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-40745 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40745 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-41175 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-41175 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves four vulnerabilities and has one security fix can now be installed.

## Description:

This update for tiff fixes the following issues:

* CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
* CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
* CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
* CVE-2015-8668: Fixed Heap-based buffer overflow in bmp2tiff / PackBitsEncode (bsc#960589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-915=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-915=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-915=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-915=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libtiff-devel-4.0.9-44.80.1
  * tiff-debuginfo-4.0.9-44.80.1
  * tiff-debugsource-4.0.9-44.80.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libtiff5-debuginfo-4.0.9-44.80.1
  * libtiff5-4.0.9-44.80.1
  * tiff-4.0.9-44.80.1
  * tiff-debuginfo-4.0.9-44.80.1
  * tiff-debugsource-4.0.9-44.80.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libtiff5-debuginfo-32bit-4.0.9-44.80.1
  * libtiff5-32bit-4.0.9-44.80.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libtiff5-debuginfo-4.0.9-44.80.1
  * libtiff5-4.0.9-44.80.1
  * tiff-4.0.9-44.80.1
  * tiff-debuginfo-4.0.9-44.80.1
  * tiff-debugsource-4.0.9-44.80.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libtiff5-debuginfo-32bit-4.0.9-44.80.1
  * libtiff5-32bit-4.0.9-44.80.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libtiff5-debuginfo-4.0.9-44.80.1
  * libtiff5-4.0.9-44.80.1
  * tiff-4.0.9-44.80.1
  * tiff-debuginfo-4.0.9-44.80.1
  * tiff-debugsource-4.0.9-44.80.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libtiff5-debuginfo-32bit-4.0.9-44.80.1
  * libtiff5-32bit-4.0.9-44.80.1

## References:

* https://www.suse.com/security/cve/CVE-2015-8668.html
* https://www.suse.com/security/cve/CVE-2023-38288.html
* https://www.suse.com/security/cve/CVE-2023-40745.html
* https://www.suse.com/security/cve/CVE-2023-41175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213590
* https://bugzilla.suse.com/show_bug.cgi?id=1214686
* https://bugzilla.suse.com/show_bug.cgi?id=1214687
* https://bugzilla.suse.com/show_bug.cgi?id=1221187
* https://bugzilla.suse.com/show_bug.cgi?id=960589

Routine security enhancement for ImageMagick addressing various vulnerabilities within SUSE ecosystems, notably integer and memory overflow concerns.
SUSE Security Update, TIFF Vulnerability, Integer Overflow Fix, Buffer Overflow Resolution
LinuxSecurity.com Team

Mar 18, 2024 SuSE