Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Ubuntu: USN-5984-1 Important Security Patch for libav1 Buffer Overflow

Debian Security Advisory DSA-5686-1
https://www.debian.org/security/
Moritz Muehlenhoff
May 09, 2024
https://www.debian.org/security/faq

Package : dav1d
CVE ID : CVE-2024-1580

Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption.

For the oldstable distribution (bullseye), this problem has been fixed in version 0.7.1-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.0.0-2+deb12u1.

We recommend that you upgrade your dav1d packages.

For the detailed security status of dav1d please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/dav1d

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Integer overflow vulnerability in dav1d addressed for Debian bullseye. Updating advised for enhanced memory security and improved stability.

Integer Overflow, dav1d Security, Debian Updates, Memory Safety.

Severity: Important. LinuxSecurity.com Team

May 09, 2024 Important Debian

SUSE: 2024:0963-1 Moderate: dav1d Software Update for CVE-2024-1580

# Security update for dav1d

Announcement ID: SUSE-SU-2024:0963-1
Rating: moderate
References:
  * bsc#1220100
Cross-References:
  * CVE-2024-1580
CVSS scores:
  * CVE-2024-1580 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for dav1d fixes the following issues:

  * CVE-2024-1580: Fixed tile_start_off calculations for extremely large frame sizes (bsc#1220100).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-963=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-963=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * dav1d-debugsource-0.9.2-150400.3.3.1
    * dav1d-debuginfo-0.9.2-150400.3.3.1
    * libdav1d5-0.9.2-150400.3.3.1
    * dav1d-0.9.2-150400.3.3.1
    * dav1d-devel-0.9.2-150400.3.3.1
    * libdav1d5-debuginfo-0.9.2-150400.3.3.1
  * openSUSE Leap 15.4 (x86_64)
    * libdav1d5-32bit-debuginfo-0.9.2-150400.3.3.1
    * libdav1d5-32bit-0.9.2-150400.3.3.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libdav1d5-64bit-0.9.2-150400.3.3.1
    * libdav1d5-64bit-debuginfo-0.9.2-150400.3.3.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libdav1d5-0.9.2-150400.3.3.1
    * dav1d-debuginfo-0.9.2-150400.3.3.1
    * dav1d-debugsource-0.9.2-150400.3.3.1
    * libdav1d5-debuginfo-0.9.2-150400.3.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-1580.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1220100

Critical notification regarding a significant flaw in dav1d across various SUSE platforms. Apply patch immediately to secure your systems.

dav1d update, suse advisory, security patch, software fix.

LinuxSecurity.com Team

Mar 22, 2024 SuSE

SUSE 15.5: 2024:0964-1 Moderate Security Issue for Dav1d Released

# Security update for dav1d

Announcement ID: SUSE-SU-2024:0964-1
Rating: moderate
References:
  * bsc#1220100
Cross-References:
  * CVE-2024-1580
CVSS scores:
  * CVE-2024-1580 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
  * Desktop Applications Module 15-SP5
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for dav1d fixes the following issues:

  * CVE-2024-1580: Fixed tile_start_off calculations for extremely large frame sizes (bsc#1220100).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2024-964=1 openSUSE-SLE-15.5-2024-964=1
  * Desktop Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-964=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-964=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * dav1d-1.0.0-150500.3.6.1
    * libdav1d6-1.0.0-150500.3.6.1
    * libdav1d6-debuginfo-1.0.0-150500.3.6.1
    * dav1d-debuginfo-1.0.0-150500.3.6.1
    * dav1d-devel-1.0.0-150500.3.6.1
    * dav1d-debugsource-1.0.0-150500.3.6.1
  * openSUSE Leap 15.5 (x86_64)
    * libdav1d6-32bit-1.0.0-150500.3.6.1
    * libdav1d6-32bit-debuginfo-1.0.0-150500.3.6.1
  * openSUSE Leap 15.5 (aarch64_ilp32)
    * libdav1d6-64bit-1.0.0-150500.3.6.1
    * libdav1d6-64bit-debuginfo-1.0.0-150500.3.6.1
  * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * libdav1d6-1.0.0-150500.3.6.1
    * libdav1d6-debuginfo-1.0.0-150500.3.6.1
    * dav1d-debuginfo-1.0.0-150500.3.6.1
    * dav1d-devel-1.0.0-150500.3.6.1
    * dav1d-debugsource-1.0.0-150500.3.6.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * dav1d-debuginfo-1.0.0-150500.3.6.1
    * dav1d-1.0.0-150500.3.6.1
    * dav1d-debugsource-1.0.0-150500.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-1580.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1220100

The latest dav1d update from SUSE resolves a moderate security concern related to CVE-2024-1580. Comprehensive patching instructions are included to ensure systems are up to date.

dav1d update, SUSE security advisory, Linux package update, openSUSE patch.

LinuxSecurity.com Team

Mar 22, 2024 SuSE

Gentoo: 202310-05 Low Risk: dav1d Denial of Service Vulnerability

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202310-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: dav1d: Denial of Service
Date: October 08, 2023
Bugs: #906107
ID: 202310-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been found in dav1d which could result in denial of service.

Background
==========

dav1d is an AV1 decoder.

Affected packages
=================

Package           Vulnerable    Unaffected
----------------  ------------  ------------
media-libs/dav1d  < 1.2.0       >= 1.2.0

Description
===========

In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash.

Impact
======

Malformed frame data can result in a denial of service.

Workaround
==========

Users should avoid parsing untrusted video with dav1d.

Resolution
==========

All dav1d users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/dav1d-1.2.0"

References
==========

[ 1 ] CVE-2023-32570
      https://nvd.nist.gov/vuln/detail/CVE-2023-32570

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202310-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Uncover the specifics surrounding Gentoo GLSA 202310-05 related to the denial of service vulnerability found in dav1d and the measures taken to address it.

Gentoo Security Advisory, dav1d Denial Service, vulnerability management, denial of service.

Severity: Low. LinuxSecurity.com Team

Oct 08, 2023 Low Gentoo

Fedora 37: FEDORA-2023-762a7e1234 Critical LibavCodec Security Flaw

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-652b6e8847
2023-07-08 01:14:19.209448
--------------------------------------------------------------------------------

Name        : dav1d
Product     : Fedora 37
Version     : 1.2.1
Release     : 1.fc37
URL         : https://code.videolan.org/videolan/dav1d
Summary     : AV1 cross-platform Decoder
Description :
dav1d is a new AV1 cross-platform Decoder, open-source, and focused on speed and correctness.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.2.1. This version includes a fix for CVE-2023-32570 (race condition that can lead to an application crash).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 22 2023 Fabio Valentini - 1.2.1-1
- Update to version 1.2.1; Fixes RHBZ#2192725
* Thu Feb 16 2023 Pete Walter - 1.1.0-1
- Update to 1.1.0 Close: rhbz#2169844
* Thu Jan 19 2023 Fedora Release Engineering - 1.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2208125 - CVE-2023-32570 dav1d: a thread_task.c race condition that can lead to an application crash [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208125
  [ 2 ] Bug #2208126 - CVE-2023-32570 dav1d: a thread_task.c race condition that can lead to an application crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208126
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-652b6e8847' at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 37 has released a new dav1d update that resolves a potential race condition, which may lead to application instability. Discover further details here!

Fedora 37, Cross-Platform, AV1 Decoder, Security Update.

Severity: Critical. LinuxSecurity.com Team

Jul 08, 2023 Critical Fedora

Ubuntu 23.04: 2023-bc78f2e4a7 Important: FFMpeg Memory Leak Addressed

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-9ea5d6e289
2023-06-24 01:20:34.546931
--------------------------------------------------------------------------------

Name        : dav1d
Product     : Fedora 38
Version     : 1.2.1
Release     : 1.fc38
URL         : https://code.videolan.org/videolan/dav1d
Summary     : AV1 cross-platform Decoder
Description :
dav1d is a new AV1 cross-platform Decoder, open-source, and focused on speed and correctness.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.2.1. This version includes a fix for CVE-2023-32570 (race condition that can lead to an application crash).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 22 2023 Fabio Valentini - 1.2.1-1
- Update to version 1.2.1; Fixes RHBZ#2192725
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2208125 - CVE-2023-32570 dav1d: a thread_task.c race condition that can lead to an application crash [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208125
  [ 2 ] Bug #2208126 - CVE-2023-32570 dav1d: a thread_task.c race condition that can lead to an application crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2208126
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-9ea5d6e289' at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Enhancements to Fedora 38 concerning dav1d 1.2.1 address severe race condition vulnerabilities resulting in software failures.

Fedora Update, dav1d 1.2.1, race condition fix, open-source decoder.

Severity: Important. LinuxSecurity.com Team

Jun 24, 2023 Important Fedora