Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisoryfedoracriticalFedora 44 libmicrohttpd Major Update Resolving Null Pointer Complications
Update to 1.0.5-1 Update to 1.0.4-1 Update to 1.0.3-1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-17060a5ba0 2026-04-25 01:21:36.173323+00:00 -------------------------------------------------------------------------------- Name : libmicrohttpd Product : Fedora 44 Version : 1.0.5 Release : 1.fc44 URL : http://www.gnu.org/software/libmicrohttpd/ Summary : Lightweight library for embedding a webserver in applications Description : GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: * C library: fast and small * API is simple, expressive and fully reentrant * Implementation is http 1.1 compliant * HTTP server can listen on multiple ports * Support for IPv6 * Support for incremental processing of POST data * Creates binary of only 25k (for now) * Three different threading models -------------------------------------------------------------------------------- Update Information: Update to 1.0.5-1 Update to 1.0.4-1 Update to 1.0.3-1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2026 Martin Gansser - 1:1.0.5-1 - Update to 1:1.0.5 * Mon Apr 13 2026 Martin Gansser - 1:1.0.4-1 - Update to 1:1.0.4 * Thu Apr 2 2026 Martin Gansser - 1:1.0.3-1 - Update to 1:1.0.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2413882 - CVE-2025-59777 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2413882 [ 2 ] Bug #2413888 - CVE-2025-59777 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2413888 [ 3 ] Bug #2413893 - CVE-2025-62689 libmicrohttpd: GNU libmicrohttpd nullpointer dereference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2413893 [ 4 ] Bug #2413896 - CVE-2025-62689 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2413896 [ 5 ] Bug #2454160 - libmicrohttpd-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454160 [ 6 ] Bug #2457804 - libmicrohttpd-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2457804 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-17060a5ba0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 25, 2026
•Critical
Fedora
89
security advisoryfedoraupdateFedora 43 libmicrohttpd Null Pointer Dereference Advisory 2026-65a08d1312
Update to 1.0.3-1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-65a08d1312 2026-04-12 15:36:52.829593+00:00 -------------------------------------------------------------------------------- Name : libmicrohttpd Product : Fedora 43 Version : 1.0.3 Release : 1.fc43 URL : http://www.gnu.org/software/libmicrohttpd/ Summary : Lightweight library for embedding a webserver in applications Description : GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: * C library: fast and small * API is simple, expressive and fully reentrant * Implementation is http 1.1 compliant * HTTP server can listen on multiple ports * Support for IPv6 * Support for incremental processing of POST data * Creates binary of only 25k (for now) * Three different threading models -------------------------------------------------------------------------------- Update Information: Update to 1.0.3-1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Martin Gansser - 1:1.0.3-1 - Update to 1:1.0.3 * Fri Jan 16 2026 Fedora Release Engineering - 1:1.0.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2413882 - CVE-2025-59777 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2413882 [ 2 ] Bug #2413888 - CVE-2025-59777 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2413888 [ 3 ] Bug #2413893 - CVE-2025-62689 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2413893 [ 4 ] Bug #2413896 - CVE-2025-62689 libmicrohttpd: GNU libmicrohttpd null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2413896 [ 5 ] Bug #2454160 - libmicrohttpd-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454160 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-65a08d1312' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 12, 2026
•Important
Fedora
89
security advisorydenial of servicefedoraFedora 42 mingw-expat Update 2.7.5 Addresses Denial of Service Issue
Update to 2.7.5.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1cbd107c34 2026-03-30 18:41:12.319042+00:00 -------------------------------------------------------------------------------- Name : mingw-expat Product : Fedora 42 Version : 2.7.5 Release : 1.fc42 URL : http://www.libexpat.org/ Summary : MinGW Windows port of expat XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Update to 2.7.5. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 21 2026 Sandro Mani - 2.7.5-1 - Update to 2.7.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2447973 - CVE-2026-32777 mingw-expat: libexpat: Denial of Service via infinite loop in DTD content parsing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447973 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1cbd107c34' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 30, 2026
•Important
Fedora
89
security advisoryfedoracriticalUbuntu 20.04 mingw-libxml Critical Memory Leak Mitigation 2026-82938471f4
Update to expat-2.7.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-37324381f3 2026-02-15 01:10:21.966845+00:00 -------------------------------------------------------------------------------- Name : mingw-expat Product : Fedora 43 Version : 2.7.4 Release : 1.fc43 URL : http://www.libexpat.org/ Summary : MinGW Windows port of expat XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Update to expat-2.7.4. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 6 2026 Sandro Mani - 2.7.4-1 - Update to 2.7.4 * Fri Jan 16 2026 Fedora Release Engineering - 2.7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2433616 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433616 [ 2 ] Bug #2433618 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433618 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-37324381f3' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 15, 2026
•Critical
Fedora
172
security advisorydenial of servicearbitrary code executionUbuntu 24.04 LTS Libwebsockets High Denial of Service Risks USN-8024-1
Several security issues were fixed in Libwebsockets.. ========================================================================== Ubuntu Security Notice USN-8024-1 February 11, 2026 libwebsockets vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Libwebsockets. Software Description: - libwebsockets: C library for building WebSocket-based network applications Details: Raffaele Bova discovered that Libwebsockets incorrectly handled memory when the upgrade header is not valid in the WebSocket server. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-11677) Raffaele Bova discovered that Libwebsockets did not properly check the size of the destination buffer in the async-dns component. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-11678) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libwebsockets19t64 4.3.3-1.1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libwebsockets16 4.0.20-2ubuntu1.1 Ubuntu 20.04 LTS libwebsockets15 3.2.1-3ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8024-1 CVE-2025-11677, CVE-2025-11678 Package Information: https://launchpad.net/ubuntu/+source/libwebsockets/4.0.20-2ubuntu1.1 . Libwebsockets fixes several issues in Ubuntu affecting denial of service and potential code execution vulnerabilities.. Ubuntu Libwebsockets security patchnetwork applications. . Severity: Important. LinuxSecurity.com Team
Feb 12, 2026
•Important
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!