Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryfedorabugfix updateFedora 44 qt6-qtgrpc Bugfix Update Advisory FEDORA-2026-70776c2dc3
Qt 6.10.3 bugfix update.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-70776c2dc3 2026-04-25 01:21:36.172096+00:00 -------------------------------------------------------------------------------- Name : qt6-qtgrpc Product : Fedora 44 Version : 6.10.3 Release : 1.fc44 URL : http://www.qt.io Summary : Qt6 - Support for using gRPC and Protobuf Description : Protocol Buffers (Protobuf) is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies. -------------------------------------------------------------------------------- Update Information: Qt 6.10.3 bugfix update. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 31 2026 Jan Grulich - 6.10.3-1 - 6.10.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-70776c2dc3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 25, 2026
Fedora
98
security advisoryRed HatintegrationRed Hat Integration Camel Extensions 2.13.2 Moderate Risk DoS Advisory
Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Integration Camel Extensions For Quarkus 2.13.2 Advisory ID: RHSA-2023:0469-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2023:0469 Issue date: 2023-01-26 CVE Names: CVE-2022-40149 CVE-2022-40150 CVE-2022-40151 CVE-2022-40152 CVE-2022-40153 CVE-2022-40154 CVE-2022-40155 CVE-2022-40156 CVE-2022-42003 CVE-2022-42004 CVE-2022-42889 ==================================================================== 1. Summary: Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Integration - Camel Extensions for Quarkus 2.13.2 serves as a replacement for 2.7 and includes the following security fixes. Security Fix(es): * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889) * xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks(CVE-2022-40151) * woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152) * xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40153) * xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40155) * xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156) * xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2128959 - CVE-2022-40154 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2134288 - CVE-2022-40156 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2134289 - CVE-2022-40155 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2134290 - CVE-2022-40153 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash bystackoverflow 5. References: https://access.redhat.com/security/cve/CVE-2022-40149 https://access.redhat.com/security/cve/CVE-2022-40150 https://access.redhat.com/security/cve/CVE-2022-40151 https://access.redhat.com/security/cve/CVE-2022-40152 https://access.redhat.com/security/cve/CVE-2022-40153 https://access.redhat.com/security/cve/CVE-2022-40154 https://access.redhat.com/security/cve/CVE-2022-40155 https://access.redhat.com/security/cve/CVE-2022-40156 https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/cve/CVE-2022-42889 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q1 https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY9KrldzjgjWX9erEAQiSfg/8CzU3VwZ40lPgz1S/mDjItoqotqkakk1D OBMtX5UNOAYAS/ml8XJr4apF7RwV+O/pjIBs8ajUA1ANfDOJCF/EH3ewSmcNop7y xZ6lI5VkCzwlALu0shCxN05UN7i9+/mzlLuEMFxlk3QaYYenxmvKYCHvoF5uKQAm atG2A0xGTLo3/h+V2AfP81oVEI/1I1K4XNuFUxK6aMwUyIteLwtcUgHbrbIEkv8m WcXaoc8q2BEc3pgLP4EqThIKe87ltlCrMnbM5cJri45kAPX0YOJ7PGd21erOrjD+ mvI+snP1sZM/0TRRHej/UFiCLRegCKU85ng7lA6iMKBuYPqodSMxxLMjzUEjP5KX 4SlMNG8m1vIxXkDG+d1bn0cS5bXgp1JFSzn0j/FTcB1YKp4aiKpVL8SIAsYu9b0w suSXP7s+HgVvt4HtvUCw+xIJE06nYusNZS1oUuepK7uTdfUWdf6ZULLlMlxAprr3 UzGH+UkfYZs9MsRDrzV7Q1CSz5axKYDxny4XljK6il3PjgCyADytBLkHfqIZCxHM j2G2GbpV98JavSG2DssmOeUFeblsT2LrDMXk01+WpQCtZ+QqVA12g57SooMYByOP EcpNNHuA9nHCuq30yQbUuA35RwX42a4pAXMGGtVBBLxJ2rqtWjHUjHfhSrdPXrzx yh55hcgmPBM=AiQH -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 26, 2023
•Important
Red Hat
98
security advisoryRed Hatsoftware updateRed Hat Enterprise Linux 8: RHSA-2022:7464 Moderate Protobuf Nullptr Issue
An update for protobuf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: protobuf security update Advisory ID: RHSA-2022:7464-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7464 Issue date: 2022-11-08 CVE Names: CVE-2021-22570 ==================================================================== 1. Summary: An update for protobuf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fix(es): * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat EnterpriseLinux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: protobuf-3.5.0-15.el8.src.rpm aarch64: protobuf-3.5.0-15.el8.aarch64.rpm protobuf-compiler-3.5.0-15.el8.aarch64.rpm protobuf-compiler-debuginfo-3.5.0-15.el8.aarch64.rpm protobuf-debuginfo-3.5.0-15.el8.aarch64.rpm protobuf-debugsource-3.5.0-15.el8.aarch64.rpm protobuf-lite-3.5.0-15.el8.aarch64.rpm protobuf-lite-debuginfo-3.5.0-15.el8.aarch64.rpm noarch: python3-protobuf-3.5.0-15.el8.noarch.rpm ppc64le: protobuf-3.5.0-15.el8.ppc64le.rpm protobuf-compiler-3.5.0-15.el8.ppc64le.rpm protobuf-compiler-debuginfo-3.5.0-15.el8.ppc64le.rpm protobuf-debuginfo-3.5.0-15.el8.ppc64le.rpm protobuf-debugsource-3.5.0-15.el8.ppc64le.rpm protobuf-lite-3.5.0-15.el8.ppc64le.rpm protobuf-lite-debuginfo-3.5.0-15.el8.ppc64le.rpm s390x: protobuf-3.5.0-15.el8.s390x.rpm protobuf-compiler-3.5.0-15.el8.s390x.rpm protobuf-compiler-debuginfo-3.5.0-15.el8.s390x.rpm protobuf-debuginfo-3.5.0-15.el8.s390x.rpm protobuf-debugsource-3.5.0-15.el8.s390x.rpm protobuf-lite-3.5.0-15.el8.s390x.rpm protobuf-lite-debuginfo-3.5.0-15.el8.s390x.rpm x86_64: protobuf-3.5.0-15.el8.i686.rpm protobuf-3.5.0-15.el8.x86_64.rpm protobuf-compiler-3.5.0-15.el8.i686.rpm protobuf-compiler-3.5.0-15.el8.x86_64.rpm protobuf-compiler-debuginfo-3.5.0-15.el8.i686.rpm protobuf-compiler-debuginfo-3.5.0-15.el8.x86_64.rpm protobuf-debuginfo-3.5.0-15.el8.i686.rpm protobuf-debuginfo-3.5.0-15.el8.x86_64.rpm protobuf-debugsource-3.5.0-15.el8.i686.rpm protobuf-debugsource-3.5.0-15.el8.x86_64.rpm protobuf-lite-3.5.0-15.el8.i686.rpm protobuf-lite-3.5.0-15.el8.x86_64.rpm protobuf-lite-debuginfo-3.5.0-15.el8.i686.rpm protobuf-lite-debuginfo-3.5.0-15.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: protobuf-compiler-debuginfo-3.5.0-15.el8.aarch64.rpm protobuf-debuginfo-3.5.0-15.el8.aarch64.rpm protobuf-debugsource-3.5.0-15.el8.aarch64.rpm protobuf-devel-3.5.0-15.el8.aarch64.rpm protobuf-lite-debuginfo-3.5.0-15.el8.aarch64.rpm protobuf-lite-devel-3.5.0-15.el8.aarch64.rpm ppc64le: protobuf-compiler-debuginfo-3.5.0-15.el8.ppc64le.rpm protobuf-debuginfo-3.5.0-15.el8.ppc64le.rpm protobuf-debugsource-3.5.0-15.el8.ppc64le.rpm protobuf-devel-3.5.0-15.el8.ppc64le.rpm protobuf-lite-debuginfo-3.5.0-15.el8.ppc64le.rpm protobuf-lite-devel-3.5.0-15.el8.ppc64le.rpm s390x: protobuf-compiler-debuginfo-3.5.0-15.el8.s390x.rpm protobuf-debuginfo-3.5.0-15.el8.s390x.rpm protobuf-debugsource-3.5.0-15.el8.s390x.rpm protobuf-devel-3.5.0-15.el8.s390x.rpm protobuf-lite-debuginfo-3.5.0-15.el8.s390x.rpm protobuf-lite-devel-3.5.0-15.el8.s390x.rpm x86_64: protobuf-compiler-debuginfo-3.5.0-15.el8.i686.rpm protobuf-compiler-debuginfo-3.5.0-15.el8.x86_64.rpm protobuf-debuginfo-3.5.0-15.el8.i686.rpm protobuf-debuginfo-3.5.0-15.el8.x86_64.rpm protobuf-debugsource-3.5.0-15.el8.i686.rpm protobuf-debugsource-3.5.0-15.el8.x86_64.rpm protobuf-devel-3.5.0-15.el8.i686.rpm protobuf-devel-3.5.0-15.el8.x86_64.rpm protobuf-lite-debuginfo-3.5.0-15.el8.i686.rpm protobuf-lite-debuginfo-3.5.0-15.el8.x86_64.rpm protobuf-lite-devel-3.5.0-15.el8.i686.rpm protobuf-lite-devel-3.5.0-15.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-22570 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY2pRw9zjgjWX9erEAQhk6Q/7BbLJbeY4aURwM0mkAjDpideSVEGIjXJ5 mE6JH0VL1FnnN4jMF/m/3vIr12ohYWEDy2iN7S5ZtGUDkD4Swn3RVd7OJ3adtCgM TDxOBbFHFzmx2HQXTU3ERP1WGPVEt0Ty4W7uDpfIqV4MlnTXyXVAkLXpLqj2kXNr MfQm7sS1+krcuyd/yuwgWJnMSF3hDLnM9m+UojMAPPO8FB+OdyK8PM8kpqJtf3yl mhforY0MX0A9Wrb2yht+OzTOqjFYxQOrcO7tZ2J5oYj1audjjzya8DxkZkPHRyGg pUvUW/ThCkm2+Gj1qxPzNNXUnMrphFAGSIrUimtZh3Ve5PlzNojJTcsmC2CNwfLC /GyJfQncvfchNJ6libdvqQ0IgjpH7MAijr358j+1Pev679ssnQDrZfXxMoTFqVSv CaWDNdwM/8BuNmI6lU/pgP+fIzXv6O1a8M4nQwVuirRVtCI2YCXr7mu2b2kQXdqM Qh0vlT7EC+CVo9Ql2VROYKHxxAWCkXrK7yMsyQZicfYfrD6cO1AEt64YdsEs+CvF k7SWcFT2a++hOP7nVedifgGpANKd1LQ8XIWRMeAKtu3JK3R031CZb7RVz3G+hjt7 zs5T82mToF0gT4O0Dxt7pwTDcSCL4A53zNsgahIg7fL4qxC8vDyU9p4k/l6GJrp1 VjKmpReRZ9Q=Mm7b -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 08, 2022
Red Hat
89
security advisorycriticalsoftware updateFedora 21 Security Update: 2015-4642 Critical PyYAML Vulnerability Fix
Security fix for CVE-2014-9130. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-4642 2015-03-26 16:42:04 -------------------------------------------------------------------------------- Name : PyYAML Product : Fedora 21 Version : 3.11Release : 7.fc21 URL : https://pyyaml.org/ Summary : YAML parser and emitter for Python Description : YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML supports standard YAML tags and provides Python-specific tags that allow to represent an arbitrary Python object. PyYAML is applicable for a broad range of tasks from complex configuration files to object serialization and persistance. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-9130 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2015 John Eckersberg - 3.11-7 - Add patch for CVE-2014-9130 (bug 1204829) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204829 - PyYAML: assert failure when processing wrapped strings https://bugzilla.redhat.com/show_bug.cgi?id=1204829 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update PyYAML' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Apr 05, 2015
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!