Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
87

Debian 12: DSA-5870-1 critical: openh264 buffer overflow

A heap-based buffer overflow flaw in the decoding functions of openh264, a codec library which supports H.264 encoding and decoding, may allow a remote attacker to cause a denial of service or the execution of arbitrary code if a specially crafted video is processed. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5870-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso February 26, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openh264 CVE ID : CVE-2025-27091 Debian Bug : 1098470 A heap-based buffer overflow flaw in the decoding functions of openh264, a codec library which supports H.264 encoding and decoding, may allow a remote attacker to cause a denial of service or the execution of arbitrary code if a specially crafted video is processed. For the stable distribution (bookworm), this problem has been fixed in version 2.3.1+dfsg-3+deb12u1. We recommend that you upgrade your openh264 packages. For the detailed security status of openh264 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/openh264 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu Security Notice USN-5820-1 brings attention to a critical vulnerability in libavcodec, advising users to apply updates for improved safety and performance.. buffer overflow, openh264, security advisory, Debian updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 26, 2025 Critical Debian
87

Debian 4:0.5.9-1 Critical: Ffmpeg Codec Security Problems

It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952). . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2494-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Florian Weimer June 14, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ffmpeg Vulnerability : several Problem type : local (remote) Debian-specific: no CVE ID : CVE-2011-3951 CVE-2011-3952 CVE-2012-0851 CVE-2012-0852 It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952). In addition, this update contains bug fixes from the libav 0.5.9 upstream release. For the stable distribution (squeeze), these problems have been fixed in version 4:0.5.9-1. For the unstable distribution (sid), these problems have been fixed in version 6:0.8.3-1. We recommend that you upgrade your ffmpeg packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . An update has been rolled out for Debian's ffmpeg that tackles several codec security flaws along with enhancements for overall performance.. Debian Security, Ffmpeg Update, Codec Issues, Media Codec Suite, Bug Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 14, 2012 Critical Debian
200

Scientific Linux: Important libvorbis Update CVE-2009-2663 DoS Threat

Important: libvorbis security update. Date: Tue, 18 Aug 2009 17:04:35 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: libvorbis on SL3.x, SL4.x, SL5.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Important: libvorbis security update Issue date: 2009-08-18 CVE Names: CVE-2009-2663 CVE-2009-2663 libvorbis: Improper codec headers processing (DoS, ACE) An insufficient input validation flaw was found in the way libvorbis processes the codec file headers (static mode headers and encoding books) of the Ogg Vorbis audio file format (Ogg). A remote attacker could provide a specially-crafted Ogg file that would cause a denial of service (memory corruption and application crash) or, potentially, execute arbitrary code with the privileges of an application using the libvorbis library when opened by a victim. (CVE-2009-2663) The desktop must be restarted (log out, then log back in) for this update to take effect. SL 3.0.x SRPMS: libvorbis-1.0-11.el3.src.rpm i386: libvorbis-1.0-11.el3.i386.rpm libvorbis-devel-1.0-11.el3.i386.rpm x86_64: libvorbis-1.0-11.el3.i386.rpm libvorbis-1.0-11.el3.x86_64.rpm libvorbis-devel-1.0-11.el3.x86_64.rpm SL 4.x SRPMS: libvorbis-1.1.0-3.el4_8.2.src.rpm i386: libvorbis-1.1.0-3.el4_8.2.i386.rpm libvorbis-devel-1.1.0-3.el4_8.2.i386.rpm x86_64: libvorbis-1.1.0-3.el4_8.2.i386.rpm libvorbis-1.1.0-3.el4_8.2.x86_64.rpm libvorbis-devel-1.1.0-3.el4_8.2.x86_64.rpm SL 5.x SRPMS: libvorbis-1.1.2-3.el5_3.3.src.rpm i386: libvorbis-1.1.2-3.el5_3.3.i386.rpm libvorbis-devel-1.1.2-3.el5_3.3.i386.rpm x86_64: libvorbis-1.1.2-3.el5_3.3.i386.rpm libvorbis-1.1.2-3.el5_3.3.x86_64.rpm libvorbis-devel-1.1.2-3.el5_3.3.i386.rpm libvorbis-devel-1.1.2-3.el5_3.3.x86_64.rpm -Connie Sieh -Troy Dawson . Crucial libvorbis patch aimed at mitigating a DoS vulnerability for users on Scientific Linux platforms.. libvorbis security, scientific linux update, critical vulnerability, codec threat. .Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 18, 2009 Important Scientific Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200