Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19566 http://linux.oracle.com/errata/ELSA-2026-19566.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: glib2-2.56.1-9.0.5.el7_9.i686.rpm glib2-2.56.1-9.0.5.el7_9.x86_64.rpm glib2-devel-2.56.1-9.0.5.el7_9.i686.rpm glib2-devel-2.56.1-9.0.5.el7_9.x86_64.rpm glib2-doc-2.56.1-9.0.5.el7_9.noarch.rpm glib2-fam-2.56.1-9.0.5.el7_9.x86_64.rpm glib2-static-2.56.1-9.0.5.el7_9.i686.rpm glib2-static-2.56.1-9.0.5.el7_9.x86_64.rpm glib2-tests-2.56.1-9.0.5.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/glib2-2.56.1-9.0.5.el7_9.src.rpm Related CVEs: CVE-2025-14087 Description of changes: [2.56.1-9.0.5] - Fixes CVE-2025-14078 gvariant parser buffer underflow [Orabug: 39418716] [2.56.1-9.0.3] - Fixes CVE-2025-13601 g_escape_uri_string() overflow [Orabug: 38909821] [2.56.1-9.0.1] - Fix overflow of GDBusConnection serial [Orabug: 38666376] _______________________________________________ El-errata mailing list
CVE-2026-34253 - fix arbitrary code execution via buffer underflow. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cbf4cd18d1 2026-06-19 01:08:57.989075+00:00 -------------------------------------------------------------------------------- Name : vorbis-tools Product : Fedora 43 Version : 1.4.3 Release : 4.fc43 URL : https://www.xiph.org/ Summary : The Vorbis General Audio Compression Codec tools Description : Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor. -------------------------------------------------------------------------------- Update Information: CVE-2026-34253 - fix arbitrary code execution via buffer underflow -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Lukáš Zaoral - 1:1.4.3-4 - CVE-2026-34253 - fix arbitrary code execution via buffer underflow (rhbz#2479549) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479549 - CVE-2026-34253 vorbis-tools: vorbis-tools ogg123: Arbitrary code execution via buffer underflow in remote control functionality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479549 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cbf4cd18d1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical update for Fedora 43's vorbis-tools addressing CVE-2026-34253 involving buffer underflow and execution risk.. arbitrary execution, code execution, buffer underflow, vorbis-tools, Fedora update. . Severity: Important. LinuxSecurity.com Team
CVE-2026-34253 - fix arbitrary code execution via buffer underflow. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-884a9f0fc3 2026-06-17 08:41:51.002462+00:00 -------------------------------------------------------------------------------- Name : vorbis-tools Product : Fedora 44 Version : 1.4.3 Release : 5.fc44 URL : https://www.xiph.org/ Summary : The Vorbis General Audio Compression Codec tools Description : Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor. -------------------------------------------------------------------------------- Update Information: CVE-2026-34253 - fix arbitrary code execution via buffer underflow -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Lukáš Zaoral - 1:1.4.3-5 - CVE-2026-34253 - fix arbitrary code execution via buffer underflow (rhbz#2479549) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479549 - CVE-2026-34253 vorbis-tools: vorbis-tools ogg123: Arbitrary code execution via buffer underflow in remote control functionality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479549 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-884a9f0fc3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- . CVE-2026-34253 update in Fedora 44 to fix arbitrary code execution via buffer underflow for vorbis-tools.. Fedora vorbis-tools update buffer underflow CVE-2026-34253. . Severity: Important. LinuxSecurity.com Team
Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0202.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-0964, CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0968 Description: CVE-2026-0964 Improper sanitation of paths received from SCP servers CVE-2026-0965 The libssh can attempt to read non-regular files when misconfigured, which could cause resource exhaustion or blocking. CVE-2026-0966 Providing 0-length input for the ssh_get_hexa() causes 1-byte buffer underflow on heap, possibly causing memory corruption. CVE-2026-0967 Pattern matching at various places in libssh could lead to complex backtracking causing timeouts. CVE-2026-0968 Possible read behind bounds of longname References: - https://bugs.mageia.org/show_bug.cgi?id=35138 - http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.387438 - https://www.libssh.org/security/advisories/CVE-2026-0964.txt - https://www.libssh.org/security/advisories/CVE-2026-0965.txt - https://www.libssh.org/security/advisories/CVE-2026-0966.txt - https://www.libssh.org/security/advisories/CVE-2026-0967.txt - https://www.libssh.org/security/advisories/CVE-2026-0968.txt - https://www.cve.org/CVERecord?id=CVE-2026-0964 - https://www.cve.org/CVERecord?id=CVE-2026-0965 - https://www.cve.org/CVERecord?id=CVE-2026-0966 - https://www.cve.org/CVERecord?id=CVE-2026-0967 - https://www.cve.org/CVERecord?id=CVE-2026-0968 SRPMS: - 9/core/libssh-0.10.6-1.2.mga9 . Mageia 9 libssh security update addresses critical issues including buffer underflow and resource exhaustion.. libssh, Mageia, security update, resource exhaustion, memory corruption. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for vorbis-tools ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20891-1 Rating: moderate References: * bsc#1265361 Cross-References: * CVE-2026-34253 CVSS scores: * CVE-2026-34253 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-34253 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for vorbis-tools fixes the following issues: Changes in vorbis-tools: - CVE-2026-34253: Fix buffer underflow in the `ogg123` utility in function `remotethread` of `remote.c` (bsc#1265361): Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-293=1 Package List: - openSUSE Leap 16.0: vorbis-tools-1.4.2-bp160.2.1 vorbis-tools-lang-1.4.2-bp160.2.1 References: * https://www.suse.com/security/cve/CVE-2026-34253.html . This openSUSE advisory details a moderate patch for vorbis-tools addressing a buffer underflow issue to enhance security.. OpenSUSE Update, Vorbis Tools Security Fix, Linux Buffer Underflow. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for vorbis-tools ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20891-1 Rating: moderate References: * bsc#1265361 Cross-References: * CVE-2026-34253 CVSS scores: * CVE-2026-34253 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-34253 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for vorbis-tools fixes the following issues: Changes in vorbis-tools: - CVE-2026-34253: Fix buffer underflow in the `ogg123` utility in function `remotethread` of `remote.c` (bsc#1265361): Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-293=1 Package List: - openSUSE Leap 16.0: vorbis-tools-1.4.2-bp160.2.1 vorbis-tools-lang-1.4.2-bp160.2.1 References: * https://www.suse.com/security/cve/CVE-2026-34253.html . Explore the moderate security advisory for vorbis-tools fixing buffer underflow in openSUSE Leap 16.0.. openSUSE, vorbis-tools, buffer underflow, security update, threat mitigation. . Severity: moderate. LinuxSecurity.com Team
Moderate: glib2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:15969", "synopsis": "Moderate: glib2 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for glib2.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* glib: GLib: Buffer underflow in GVariant parser leads to heap corruption (CVE-2025-14087)\n\n* glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (CVE-2025-14512)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2419093", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093", "description": ""}, {"ticket": "2421339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339", "description": ""}], "cves": [{"name": "CVE-2025-14087", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-190"}, {"name": "CVE-2025-14512", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-13T12:06:54.356511Z", "rpms": {"Rocky Linux 10": {"nvras":["glib2-devel-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-tests-debuginfo-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-debugsource-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-debuginfo-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-debugsource-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-tests-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-debugsource-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-doc-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-static-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-doc-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-static-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-debugsource-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-tests-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-tests-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-devel-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-devel-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-tests-debuginfo-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-devel-debuginfo-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-doc-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-devel-debuginfo-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-doc-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-debuginfo-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-static-0:2.80.4-10.el10_1.13.x86_64.rpm", "glib2-devel-debuginfo-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-devel-debuginfo-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-devel-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-0:2.80.4-10.el10_1.13.src.rpm", "glib2-tests-debuginfo-0:2.80.4-10.el10_1.13.aarch64.rpm", "glib2-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-debuginfo-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-static-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-tests-debuginfo-0:2.80.4-10.el10_1.13.s390x.rpm", "glib2-tests-0:2.80.4-10.el10_1.13.ppc64le.rpm", "glib2-debuginfo-0:2.80.4-10.el10_1.13.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A security advisory update for glib2 on Rocky Linux addresses moderate security issues, including heap corruption.. glib2security, Rocky Linux updates, moderate severity fixes. . LinuxSecurity.com Team
Moderate: glib2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:15971", "synopsis": "Moderate: glib2 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for glib2.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* glib: GLib: Buffer underflow in GVariant parser leads to heap corruption (CVE-2025-14087)\n\n* glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (CVE-2025-14512)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2419093", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093", "description": ""}, {"ticket": "2421339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339", "description": ""}], "cves": [{"name": "CVE-2025-14087", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-190"}, {"name": "CVE-2025-14512", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-13T12:03:42.485295Z", "rpms": {"Rocky Linux 9": {"nvras":["glib2-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-0:2.68.4-18.el9_7.2.i686.rpm", "glib2-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-0:2.68.4-18.el9_7.2.src.rpm", "glib2-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-debuginfo-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-debuginfo-0:2.68.4-18.el9_7.2.i686.rpm", "glib2-debuginfo-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-debuginfo-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-debuginfo-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-debugsource-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-debugsource-0:2.68.4-18.el9_7.2.i686.rpm", "glib2-debugsource-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-debugsource-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-debugsource-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-devel-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-devel-0:2.68.4-18.el9_7.2.i686.rpm", "glib2-devel-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-devel-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-devel-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-devel-debuginfo-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-devel-debuginfo-0:2.68.4-18.el9_7.2.i686.rpm", "glib2-devel-debuginfo-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-devel-debuginfo-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-devel-debuginfo-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-doc-0:2.68.4-18.el9_7.2.noarch.rpm", "glib2-static-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-static-0:2.68.4-18.el9_7.2.i686.rpm", "glib2-static-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-static-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-static-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-tests-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-tests-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-tests-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-tests-0:2.68.4-18.el9_7.2.x86_64.rpm", "glib2-tests-debuginfo-0:2.68.4-18.el9_7.2.aarch64.rpm", "glib2-tests-debuginfo-0:2.68.4-18.el9_7.2.ppc64le.rpm", "glib2-tests-debuginfo-0:2.68.4-18.el9_7.2.s390x.rpm", "glib2-tests-debuginfo-0:2.68.4-18.el9_7.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate glib2 security update highlights key fixesfor Rocky Linux 9. Protect your systems against these identified issues.. Rocky Linux glib2 update security patches heap overflow buffer underflow. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.