Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 2 articles for you...
89
security advisoryfedoraimportantFedora 42 Kernel Update Brings Key Fix for SKBFL_SHARED_FRAG Issues
The 6.19.14-107 update contains a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-32ae3b7199 2026-05-21 03:17:14.913959+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 42 Version : 6.19.14 Release : 107.fc42 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.19.14-107 update contains a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability. -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2026 Justin M. Forbes [6.19.14-107] - Revert "redhat/kernel.spec.template: Fix indentation of uki-virt generation code" (Justin M. Forbes) - Revert "redhat/kernel.spec.template: Simplify uki-virt signing" (Justin M. Forbes) - Revert "redhat/kernel.spec.template: Add kernel-uki-dtbloader sub-package" (Justin M. Forbes) - Revert "redhat/kernel.spec.template: Make -uki-dtbloader provide kernel-core-uname-r" (Justin M. Forbes) * Tue May 19 2026 Justin M. Forbes [6.19.14-7] - net: gro: don't copy frags between mixed zcopy skbs (Sabrina Dubroca) - Turn on auto bumping for remainder of F42 (Justin M. Forbes) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479833 - kernel: Linux kernel: SKBFL_SHARED_FRAG page-cache corruption PoC [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479833 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-32ae3b7199' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 21, 2026
•Important
Fedora
89
security advisoryfedorakernelFedora 43 Kernel Update 2026-3f85a4eba7 Moderate Page-Cache Corruption
The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3f85a4eba7 2026-05-21 01:26:51.960484+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.0.9 Release : 104.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2026 Justin M. Forbes [7.0.9-4] - rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer (David Howells) - rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg (David Howells) - crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks (David Howells) * Tue May 19 2026 Justin M. Forbes [7.0.9-3] - net: gro: don't copy frags between mixed zcopy skbs (Sabrina Dubroca) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479833 - kernel: Linux kernel: SKBFL_SHARED_FRAG page-cache corruption PoC [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479833 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3f85a4eba7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 21, 2026
Fedora
89
security advisoryfedoraimportantFedora 44 Kernel Update Addresses Important SKBFL_SHARED_FRAG Fix
The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-57965ac9f7 2026-05-21 00:54:04.884744+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 44 Version : 7.0.9 Release : 204.fc44 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2026 Justin M. Forbes [7.0.9-4] - rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer (David Howells) - rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg (David Howells) - crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks (David Howells) * Tue May 19 2026 Justin M. Forbes [7.0.9-3] - net: gro: don't copy frags between mixed zcopy skbs (Sabrina Dubroca) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479833 - kernel: Linux kernel: SKBFL_SHARED_FRAG page-cache corruption PoC [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479833 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-57965ac9f7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 21, 2026
•Important
Fedora
219
security advisoryimportantcorruptionAlpine Linux 3.18 Addresses Critical Memory Leak in libjpeg RLSA-2026-8847
Important: giflib security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8859", "synopsis": "Important: giflib security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for giflib.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "giflib is a library for reading and writing gif images.\n\nSecurity Fix(es):\n\n* giflib: Giflib: Double-free vulnerability leading to memory corruption (CVE-2026-23868)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2446207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2446207", "description": ""}], "cves": [{"name": "CVE-2026-23868", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23868", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.0", "cwe": "CWE-825"}], "references": [], "publishedAt": "2026-04-21T12:03:54.560238Z", "rpms": {"Rocky Linux 9": {"nvras": ["giflib-0:5.2.1-9.el9_7.1.src.rpm", "giflib-0:5.2.1-9.el9_7.1.i686.rpm", "giflib-0:5.2.1-9.el9_7.1.ppc64le.rpm", "giflib-0:5.2.1-9.el9_7.1.s390x.rpm", "giflib-0:5.2.1-9.el9_7.1.aarch64.rpm", "giflib-0:5.2.1-9.el9_7.1.x86_64.rpm", "giflib-debuginfo-0:5.2.1-9.el9_7.1.aarch64.rpm", "giflib-debuginfo-0:5.2.1-9.el9_7.1.i686.rpm", "giflib-debuginfo-0:5.2.1-9.el9_7.1.ppc64le.rpm", "giflib-debuginfo-0:5.2.1-9.el9_7.1.s390x.rpm", "giflib-debuginfo-0:5.2.1-9.el9_7.1.x86_64.rpm", "giflib-debugsource-0:5.2.1-9.el9_7.1.aarch64.rpm", "giflib-debugsource-0:5.2.1-9.el9_7.1.i686.rpm", "giflib-debugsource-0:5.2.1-9.el9_7.1.ppc64le.rpm", "giflib-debugsource-0:5.2.1-9.el9_7.1.s390x.rpm","giflib-debugsource-0:5.2.1-9.el9_7.1.x86_64.rpm", "giflib-devel-0:5.2.1-9.el9_7.1.aarch64.rpm", "giflib-devel-0:5.2.1-9.el9_7.1.i686.rpm", "giflib-devel-0:5.2.1-9.el9_7.1.ppc64le.rpm", "giflib-devel-0:5.2.1-9.el9_7.1.s390x.rpm", "giflib-devel-0:5.2.1-9.el9_7.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important giflib security update for Rocky Linux 9 addresses memory corruption issues. Update recommended for system integrity.. giflib update, Rocky Linux security, memory corruption, giflib, important update. . Severity: Important. LinuxSecurity.com Team
Apr 21, 2026
•Important
Rocky Linux
219
security advisoryimportantrace conditionRocky Linux 8 RLSA-2024:4635 Important: Thunderbird Security Update
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:4635", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (CVE-2024-6604)\n\n* Mozilla: Race condition in permission assignment (CVE-2024-6601)\n\n* Mozilla: Memory corruption in thread creation (CVE-2024-6603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2296636", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2296636", "description": ""}, {"ticket": "2296638", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2296638", "description": ""}, {"ticket": "2296639", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2296639", "description": ""}], "cves": [{"name": "CVE-2024-6601", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-6601", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-6603", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-6603", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-6604", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-6604", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}],"references": [], "publishedAt": "2024-07-26T12:33:00.041178Z", "rpms": {"Rocky Linux 8": {"nvras": ["thunderbird-0:115.13.0-3.el8_10.aarch64.rpm", "thunderbird-0:115.13.0-3.el8_10.src.rpm", "thunderbird-0:115.13.0-3.el8_10.x86_64.rpm", "thunderbird-debuginfo-0:115.13.0-3.el8_10.aarch64.rpm", "thunderbird-debuginfo-0:115.13.0-3.el8_10.x86_64.rpm", "thunderbird-debugsource-0:115.13.0-3.el8_10.aarch64.rpm", "thunderbird-debugsource-0:115.13.0-3.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux rolls out essential enhancements for Thunderbird, addressing multiple vulnerabilities to improve email security features.. Thunderbird Update, Rocky Linux Security, Memory Safety, Security Fixes. . Severity: Important. LinuxSecurity.com Team
Jul 26, 2024
•Important
Rocky Linux
100
security advisorycross-site scriptingimportantSUSE: 2022:3717-1 Important: Libxml2 XSS, Overflow And Corruption
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3717-1 Rating: important References: #1201978 #1204366 #1204367 Cross-References: CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 CVSS scores: CVE-2016-3709 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2016-3709 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3717=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3717=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3717=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3717=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3717=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3717=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3717=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3717=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE OpenStack Cloud 9 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE OpenStack Cloud 9 (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.59.2 libxml2-devel-2.9.4-46.59.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE LinuxEnterprise Server 12-SP3-BCL (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libxml2-doc-2.9.4-46.59.2 References: https://www.suse.com/security/cve/CVE-2016-3709.html https://www.suse.com/security/cve/CVE-2022-40303.html https://www.suse.com/security/cve/CVE-2022-40304.html https://bugzilla.suse.com/1201978 https://bugzilla.suse.com/1204366 https://bugzilla.suse.com/1204367 . Critical SUSE Security Patch for libxml2 resolves multiple vulnerabilities including XSS and integer overflows. Ensure to update quickly.. libxml2 update, SUSE patches, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Oct 25, 2022
•Important
SuSE
202
security advisorymoderatesegfaultopenSUSE: 2020:1530-1 Moderate: Addressing libqt4 Issues
An update that solves four vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for libqt4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1530-1 Rating: moderate References: #1118595 #1118596 #1118599 #1121214 #1176315 Cross-References: CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for libqt4 fixes the following issues: * Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507) * Fix "double free or corruption" in QXmlStreamReader (boo#1118595, CVE-2018-15518) * Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873) * Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869) This update was imported from the openSUSE:Leap:15.1:Update update project. This update was imported from the openSUSE:Leap:15.2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-1530=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): libqt4-4.8.7-bp152.4.3.1 libqt4-devel-4.8.7-bp152.4.3.1 libqt4-devel-doc-4.8.7-bp152.4.3.1 libqt4-devel-doc-debuginfo-4.8.7-bp152.4.3.1 libqt4-devel-doc-debugsource-4.8.7-bp152.4.3.1 libqt4-linguist-4.8.7-bp152.4.3.1 libqt4-private-headers-devel-4.8.7-bp152.4.3.1 libqt4-qt3support-4.8.7-bp152.4.3.1 libqt4-sql-4.8.7-bp152.4.3.1 libqt4-sql-plugins-debugsource-4.8.7-bp152.4.3.1 libqt4-sql-postgresql-4.8.7-bp152.4.3.1 libqt4-sql-postgresql-debuginfo-4.8.7-bp152.4.3.1 libqt4-sql-sqlite-4.8.7-bp152.4.3.1 libqt4-sql-unixODBC-4.8.7-bp152.4.3.1 libqt4-sql-unixODBC-debuginfo-4.8.7-bp152.4.3.1 libqt4-x11-4.8.7-bp152.4.3.1 qt4-x11-tools-4.8.7-bp152.4.3.1 qt4-x11-tools-debuginfo-4.8.7-bp152.4.3.1 - openSUSE Backports SLE-15-SP2 (aarch64_ilp32): libqt4-64bit-4.8.7-bp152.4.3.1 libqt4-devel-64bit-4.8.7-bp152.4.3.1 libqt4-qt3support-64bit-4.8.7-bp152.4.3.1 libqt4-sql-64bit-4.8.7-bp152.4.3.1 libqt4-sql-postgresql-64bit-4.8.7-bp152.4.3.1 libqt4-sql-postgresql-64bit-debuginfo-4.8.7-bp152.4.3.1 libqt4-sql-sqlite-64bit-4.8.7-bp152.4.3.1 libqt4-sql-unixODBC-64bit-4.8.7-bp152.4.3.1 libqt4-sql-unixODBC-64bit-debuginfo-4.8.7-bp152.4.3.1 libqt4-x11-64bit-4.8.7-bp152.4.3.1 - openSUSE Backports SLE-15-SP2 (noarch): libqt4-devel-doc-data-4.8.7-bp152.4.3.1 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19869.html https://www.suse.com/security/cve/CVE-2018-19873.html https://www.suse.com/security/cve/CVE-2020-17507.html https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 https://bugzilla.suse.com/1118599 https://bugzilla.suse.com/1121214 https://bugzilla.suse.com/1176315 -- . A new patch has been released to mitigate several security flaws in libqt4 for openSUSE clientele, presented through a formal advisory.. openSUSE Security, libqt4 Update, moderate Security Fix, openSUSE Vulnerabilities. . LinuxSecurity.com Team
Sep 25, 2020
OpenSUSE
200
security advisoryupdatecorruptionScientific Linux SL7: SLSA-2020-0227-1 Important SQLite Security Fix
sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734) SL7 x86_64 sqlite-3.7.17-8.el7_7.1.i686.rpm sqlite-3.7.17-8.el7_7.1.x86_64.rpm sqlite-debuginfo-3.7.17-8.el7_7.1.i686.rpm sqlite-debuginfo-3.7.17-8.el7_7.1.x86_64.rpm lemon-3.7.17-8.el7_7.1.x86_64.rpm sqlite-devel-3.7.17-8.el7_7.1.i686.rpm sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm sqlite- [More...]. Synopsis: Important: sqlite security update Advisory ID: SLSA-2020:0227-1 Issue Date: 2020-01-27 CVE Numbers: None -- Security Fix(es): * sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734) -- SL7 x86_64 sqlite-3.7.17-8.el7_7.1.i686.rpm sqlite-3.7.17-8.el7_7.1.x86_64.rpm sqlite-debuginfo-3.7.17-8.el7_7.1.i686.rpm sqlite-debuginfo-3.7.17-8.el7_7.1.x86_64.rpm lemon-3.7.17-8.el7_7.1.x86_64.rpm sqlite-devel-3.7.17-8.el7_7.1.i686.rpm sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm sqlite-tcl-3.7.17-8.el7_7.1.x86_64.rpm noarch sqlite-doc-3.7.17-8.el7_7.1.noarch.rpm - Scientific Linux Development Team . Important sqlite security update for Scientific Linux SL7 addressing shadow table corruption detection. Immediate update recommended.. sqlite, improve, shadow, table, corruption, detection, (cve-2019-13734), x86_64, sqlite-3. . Severity: Important. LinuxSecurity.com Team
Jan 28, 2020
•Important
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!