xz 5.8.1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-051becf4f2
2025-05-10 01:58:21.497365+00:00
--------------------------------------------------------------------------------

Name        : perl-Compress-Raw-Lzma
Product     : Fedora 41
Version     : 2.212
Release     : 6.fc41
URL         : https://metacpan.org/dist/Compress-Raw-Lzma
Summary     : Low-level interface to lzma compression library
Description :
This module provides a Perl interface to the lzma compression library.
It is used by IO::Compress::Lzma.

--------------------------------------------------------------------------------
Update Information:

xz 5.8.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 3 2025 Richard W.M. Jones - 2.212-6
- Rebuild against xz 5.8.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2357253 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357253
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-051becf4f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Oracle Linux Security Advisory ELSA-2023-0379

https://linux.oracle.com/errata/ELSA-2023-0379.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libXpm-3.5.12-9.el8_7.i686.rpm
libXpm-3.5.12-9.el8_7.x86_64.rpm
libXpm-devel-3.5.12-9.el8_7.i686.rpm
libXpm-devel-3.5.12-9.el8_7.x86_64.rpm

aarch64:
libXpm-3.5.12-9.el8_7.aarch64.rpm
libXpm-devel-3.5.12-9.el8_7.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//libXpm-3.5.12-9.el8_7.src.rpm

Related CVEs:
CVE-2022-4883
CVE-2022-44617
CVE-2022-46285

Description of changes:

[3.5.12-9]
- Fix CVE-2022-46285: infinite loop on unclosed comments (#2161800)
- Fix CVE-2022-44617: runaway loop with width of 0 (#2161808)
- Fix CVE-2022-4883: compression depends on $PATH (#2160238)

_______________________________________________
El-errata mailing list
Oracle Linux Security Advisory ELSA-2023-0383

https://linux.oracle.com/errata/ELSA-2023-0383.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libXpm-3.5.13-8.el9_1.i686.rpm
libXpm-3.5.13-8.el9_1.x86_64.rpm
libXpm-devel-3.5.13-8.el9_1.i686.rpm
libXpm-devel-3.5.13-8.el9_1.x86_64.rpm

aarch64:
libXpm-3.5.13-8.el9_1.aarch64.rpm
libXpm-devel-3.5.13-8.el9_1.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//libXpm-3.5.13-8.el9_1.src.rpm

Related CVEs:
CVE-2022-4883
CVE-2022-44617
CVE-2022-46285

Description of changes:

[3.5.13-8]
- Fix CVE-2022-46285: infinite loop on unclosed comments (#2160230)
- Fix CVE-2022-44617: runaway loop with width of 0 (#2160232)
- Fix CVE-2022-4883: compression depends on $PATH (#2160242)

_______________________________________________
El-errata mailing list
An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libXpm security update
Advisory ID:       RHSA-2023:0377-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0377
Issue date:        2023-01-23
CVE Names:         CVE-2022-4883
====================================================================

1. Summary:

An update for libXpm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The libXpm packages contain the X Pixmap parser library.

Security Fix(es):

* libXpm: compression commands depend on $PATH (CVE-2022-4883)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2160213 - CVE-2022-4883 libXpm: compression commands depend on $PATH

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libXpm-3.5.12-2.el7_9.src.rpm

x86_64:
libXpm-3.5.12-2.el7_9.i686.rpm
libXpm-3.5.12-2.el7_9.x86_64.rpm
libXpm-debuginfo-3.5.12-2.el7_9.i686.rpm
libXpm-debuginfo-3.5.12-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libXpm-debuginfo-3.5.12-2.el7_9.i686.rpm
libXpm-debuginfo-3.5.12-2.el7_9.x86_64.rpm
libXpm-devel-3.5.12-2.el7_9.i686.rpm
libXpm-devel-3.5.12-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libXpm-3.5.12-2.el7_9.src.rpm

x86_64:
libXpm-3.5.12-2.el7_9.i686.rpm
libXpm-3.5.12-2.el7_9.x86_64.rpm
libXpm-debuginfo-3.5.12-2.el7_9.i686.rpm
libXpm-debuginfo-3.5.12-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libXpm-debuginfo-3.5.12-2.el7_9.i686.rpm
libXpm-debuginfo-3.5.12-2.el7_9.x86_64.rpm
libXpm-devel-3.5.12-2.el7_9.i686.rpm
libXpm-devel-3.5.12-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libXpm-3.5.12-2.el7_9.src.rpm

ppc64:
libXpm-3.5.12-2.el7_9.ppc.rpm
libXpm-3.5.12-2.el7_9.ppc64.rpm
libXpm-debuginfo-3.5.12-2.el7_9.ppc.rpm
libXpm-debuginfo-3.5.12-2.el7_9.ppc64.rpm
libXpm-devel-3.5.12-2.el7_9.ppc.rpm
libXpm-devel-3.5.12-2.el7_9.ppc64.rpm

ppc64le:
libXpm-3.5.12-2.el7_9.ppc64le.rpm
libXpm-debuginfo-3.5.12-2.el7_9.ppc64le.rpm
libXpm-devel-3.5.12-2.el7_9.ppc64le.rpm

s390x:
libXpm-3.5.12-2.el7_9.s390.rpm
libXpm-3.5.12-2.el7_9.s390x.rpm
libXpm-debuginfo-3.5.12-2.el7_9.s390.rpm
libXpm-debuginfo-3.5.12-2.el7_9.s390x.rpm
libXpm-devel-3.5.12-2.el7_9.s390.rpm
libXpm-devel-3.5.12-2.el7_9.s390x.rpm

x86_64:
libXpm-3.5.12-2.el7_9.i686.rpm
libXpm-3.5.12-2.el7_9.x86_64.rpm
libXpm-debuginfo-3.5.12-2.el7_9.i686.rpm
libXpm-debuginfo-3.5.12-2.el7_9.x86_64.rpm
libXpm-devel-3.5.12-2.el7_9.i686.rpm
libXpm-devel-3.5.12-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libXpm-3.5.12-2.el7_9.src.rpm

x86_64:
libXpm-3.5.12-2.el7_9.i686.rpm
libXpm-3.5.12-2.el7_9.x86_64.rpm
libXpm-debuginfo-3.5.12-2.el7_9.i686.rpm
libXpm-debuginfo-3.5.12-2.el7_9.x86_64.rpm
libXpm-devel-3.5.12-2.el7_9.i686.rpm
libXpm-devel-3.5.12-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-4883
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option (CVE-2017-12166). From this update on, OpenVPN will use the lz4 compression library from Fedora.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-5882331351
2017-10-04 20:36:58.447310
--------------------------------------------------------------------------------

Name        : openvpn
Product     : Fedora 27
Version     : 2.4.4
Release     : 1.fc27
URL         :
Summary     : A full-featured SSL VPN solution
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library
for compression.

--------------------------------------------------------------------------------
Update Information:

Maintenance release with several minor upstream bugfixes and a security fix
related to legacy configurations deploying the deprecated `key-method 1`
configuration option (CVE-2017-12166). From this update on, OpenVPN will use
the lz4 compression library from Fedora instead of the upstream bundled library.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with 'key-method 1'
        https://bugzilla.redhat.com/show_bug.cgi?id=1497109
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade openvpn' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gzip security update
Advisory ID:       RHSA-2010:0061-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0061.html
Issue date:        2010-01-20
CVE Names:         CVE-2010-0001
====================================================================

1. Summary:

An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The gzip package provides the GNU gzip data compression program.

An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially-crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001)

Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw.

Users of gzip should upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

554418 - CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:

i386:
gzip-1.3.3-15.rhel3.i386.rpm
gzip-debuginfo-1.3.3-15.rhel3.i386.rpm

ia64:
gzip-1.3.3-15.rhel3.ia64.rpm
gzip-debuginfo-1.3.3-15.rhel3.ia64.rpm

ppc:
gzip-1.3.3-15.rhel3.ppc.rpm
gzip-debuginfo-1.3.3-15.rhel3.ppc.rpm

s390:
gzip-1.3.3-15.rhel3.s390.rpm
gzip-debuginfo-1.3.3-15.rhel3.s390.rpm

s390x:
gzip-1.3.3-15.rhel3.s390x.rpm
gzip-debuginfo-1.3.3-15.rhel3.s390x.rpm

x86_64:
gzip-1.3.3-15.rhel3.x86_64.rpm
gzip-debuginfo-1.3.3-15.rhel3.x86_64.rpm

Red Hat Desktop version 3:

Source:

i386:
gzip-1.3.3-15.rhel3.i386.rpm
gzip-debuginfo-1.3.3-15.rhel3.i386.rpm

x86_64:
gzip-1.3.3-15.rhel3.x86_64.rpm
gzip-debuginfo-1.3.3-15.rhel3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:

i386:
gzip-1.3.3-15.rhel3.i386.rpm
gzip-debuginfo-1.3.3-15.rhel3.i386.rpm

ia64:
gzip-1.3.3-15.rhel3.ia64.rpm
gzip-debuginfo-1.3.3-15.rhel3.ia64.rpm

x86_64:
gzip-1.3.3-15.rhel3.x86_64.rpm
gzip-debuginfo-1.3.3-15.rhel3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:

i386:
gzip-1.3.3-15.rhel3.i386.rpm
gzip-debuginfo-1.3.3-15.rhel3.i386.rpm

ia64:
gzip-1.3.3-15.rhel3.ia64.rpm
gzip-debuginfo-1.3.3-15.rhel3.ia64.rpm

x86_64:
gzip-1.3.3-15.rhel3.x86_64.rpm
gzip-debuginfo-1.3.3-15.rhel3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:

i386:
gzip-1.3.3-18.el4_8.1.i386.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.i386.rpm

ia64:
gzip-1.3.3-18.el4_8.1.ia64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.ia64.rpm

ppc:
gzip-1.3.3-18.el4_8.1.ppc.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.ppc.rpm

s390:
gzip-1.3.3-18.el4_8.1.s390.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.s390.rpm

s390x:
gzip-1.3.3-18.el4_8.1.s390x.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.s390x.rpm

x86_64:
gzip-1.3.3-18.el4_8.1.x86_64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386:
gzip-1.3.3-18.el4_8.1.i386.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.i386.rpm

x86_64:
gzip-1.3.3-18.el4_8.1.x86_64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386:
gzip-1.3.3-18.el4_8.1.i386.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.i386.rpm

ia64:
gzip-1.3.3-18.el4_8.1.ia64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.ia64.rpm

x86_64:
gzip-1.3.3-18.el4_8.1.x86_64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386:
gzip-1.3.3-18.el4_8.1.i386.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.i386.rpm

ia64:
gzip-1.3.3-18.el4_8.1.ia64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.ia64.rpm

x86_64:
gzip-1.3.3-18.el4_8.1.x86_64.rpm
gzip-debuginfo-1.3.3-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
gzip-1.3.5-11.el5_4.1.i386.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.i386.rpm

x86_64:
gzip-1.3.5-11.el5_4.1.x86_64.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
gzip-1.3.5-11.el5_4.1.i386.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.i386.rpm

ia64:
gzip-1.3.5-11.el5_4.1.ia64.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.ia64.rpm

ppc:
gzip-1.3.5-11.el5_4.1.ppc.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.ppc.rpm

s390x:
gzip-1.3.5-11.el5_4.1.s390x.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.s390x.rpm

x86_64:
gzip-1.3.5-11.el5_4.1.x86_64.rpm
gzip-debuginfo-1.3.5-11.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-0001
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.