Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":100,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
100

SUSE Python-Pillow Important Decompression Bomb Fix 2026-21382-1

An update that solves one vulnerability can now be installed.. # Security update for python-Pillow Announcement ID: SUSE-SU-2026:21382-1 Release Date: 2026-04-22T21:45:29Z Rating: important References: * bsc#1262184 Cross-References: * CVE-2026-40192 CVSS scores: * CVE-2026-40192 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-40192 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40192 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-40192 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issue: * CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-629=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-629=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * python313-Pillow-debuginfo-11.3.0-160000.4.1 * python313-Pillow-tk-debuginfo-11.3.0-160000.4.1 * python313-Pillow-11.3.0-160000.4.1 * python-Pillow-debugsource-11.3.0-160000.4.1 *python313-Pillow-tk-11.3.0-160000.4.1 * python-Pillow-debuginfo-11.3.0-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * python313-Pillow-debuginfo-11.3.0-160000.4.1 * python313-Pillow-tk-debuginfo-11.3.0-160000.4.1 * python313-Pillow-11.3.0-160000.4.1 * python-Pillow-debugsource-11.3.0-160000.4.1 * python313-Pillow-tk-11.3.0-160000.4.1 * python-Pillow-debuginfo-11.3.0-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40192.html * https://bugzilla.suse.com/show_bug.cgi?id=1262184 . A critical security update for python-Pillow addressing CVE-2026-40192 to mitigate decompression bomb risks on SUSE.. SUSE Python Pillow Update, CVE-2026-40192 Fix, SUSE Security Advisory. . LinuxSecurity.com Team

Calendar%202 Apr 28, 2026 SuSE
202

openSUSE Leap 16.0 Python-Pillow Critical Decompression Bomb CVE-2026-40192

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for python-pillow ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20617-1 Rating: important References: * bsc#1262184 Cross-References: * CVE-2026-40192 CVSS scores: * CVE-2026-40192 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40192 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-629=1 Package List: - openSUSE Leap 16.0: python313-Pillow-11.3.0-160000.4.1 python313-Pillow-tk-11.3.0-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-40192.html . An important security update for python-Pillow on openSUSE addresses decompression bomb vulnerabilities.. openSUSE python-Pillow security important CVE-2026-40192 update. . LinuxSecurity.com Team

Calendar%202 Apr 24, 2026 OpenSUSE
203

Mageia 9: python-urllib3 Important Security Fixes MGASA-2026-0011

MGASA-2026-0011 - Updated python-urllib3 packages fix security vulnerabilities. MGASA-2026-0011 - Updated python-urllib3 packages fix security vulnerabilities Publication date: 17 Jan 2026 URL: https://advisories.mageia.org/MGASA-2026-0011.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-66418, CVE-2026-21441 Description: urllib3 allows an unbounded number of links in the decompression chain. (CVE-2025-66418) urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API). (CVE-2026-21441) References: - https://bugs.mageia.org/show_bug.cgi?id=34809 - https://www.openwall.com/lists/oss-security/2025/12/05/4 - https://ubuntu.com/security/notices/USN-7955-1 - https://www.cve.org/CVERecord?id=CVE-2025-66418 - https://www.cve.org/CVERecord?id=CVE-2026-21441 SRPMS: - 9/core/python-urllib3-1.26.20-1.2.mga9 . Updated python-urllib3 packages in Mageia address important security issues related to decompression attacks and HTTP redirects.. Mageia python-urllib3 updates, python urllib3 vulnerabilities, security advisories Mageia. . LinuxSecurity.com Team

Calendar%202 Jan 17, 2026 Mageia
89

Fedora 42: perl-Alien-Brotli Faces Critical Denial-of-Service Risk

Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial- of-service security issues related to \u201cdecompression bombs,\u201d such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-9e233a4e22 2025-12-18 01:10:20.380939+00:00 -------------------------------------------------------------------------------- Name : perl-Alien-Brotli Product : Fedora 42 Version : 0.2.2 Release : 11.fc42 URL : http://metacpan.org/dist/Alien-Brotli Summary : Find and install the Brotli compressor Description : This distribution installs the brotli compressor, so that it can be used by other distributions, and provides a way to find the executable. -------------------------------------------------------------------------------- Update Information: Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial- of-service security issues related to \u201cdecompression bombs,\u201d such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 10 2025 Miro Hron\u010dok - 0.2.2-11 - Rebuilt for brotli 1.2.0 * Fri Jul 25 2025 Fedora Release Engineering - 0.2.2-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2419491 - CVE-2025-6176 brotli: Brotli decompression bomb DoS in scrapy/scrapy [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419491 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2025-9e233a4e22' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical update for perl-Alien-Brotli in Fedora to address DoS issues from decompression bombs effectively.. perl Alien Brotli update DoS Fedora. . LinuxSecurity.com Team

Calendar%202 Dec 18, 2025 Fedora
100

SUSE: 2020:2057-1 Important: python-Pillow Buffer Overflow Patch

An update that fixes 8 vulnerabilities is now available. . SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2057-1 Rating: important References: #1153191 #1160152 #1160153 #1160192 #1173413 #1173416 #1173418 #965582 Cross-References: CVE-2016-0775 CVE-2019-16865 CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10994 CVE-2020-5312 CVE-2020-5313 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for python-Pillow fixes the following issues: - Add 0019-FLI-overflow-error-fix-and-testcase.patch * Fixes CVE-2016-0775, bsc#965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch * Fixes CVE-2020-10177, bsc#1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * Fixes CVE-2020-10994, bsc#1173418 - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch * Fixes CVE-2020-10378, bsc#1173416 - Add 0008-Corrected-negative-seeks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0009-Make-Image.crop-an-immediate-operation.patch * Fixes https://github.com/python-pillow/Pillow/issues/1077 * Used by 0012-Added-decompression-bomb-checks.patch - Add 0010-Crop-decompression.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0011-Added-DecompressionBombError.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0012-Added-decompression-bomb-checks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0013-Raise-error-if-dimension-is-a-string.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0014-Catch-buffer-overruns.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add0015-Catch-PCX-P-mode-buffer-overrun.patch * Fixes CVE-2020-5312, bsc#1160152 - Add 0016-Ensure-previous-FLI-frame-is-loaded.patch * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 0017-Catch-FLI-buffer-overrun.patch * Fixes CVE-2020-5313, bsc#1160153 - Add 018-Invalid-number-of-bands-in-FPX-image.patch * Fixes CVE-2019-19911, bsc#1160192 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2057=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Pillow-2.8.1-3.9.1 python-Pillow-debuginfo-2.8.1-3.9.1 python-Pillow-debugsource-2.8.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2016-0775.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2020-10177.html https://www.suse.com/security/cve/CVE-2020-10378.html https://www.suse.com/security/cve/CVE-2020-10994.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1173413 https://bugzilla.suse.com/1173416 https://bugzilla.suse.com/1173418 https://bugzilla.suse.com/965582 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . SUSE has unveiled a crucial enhancement for python-Pillow addressing several concerns pertaining to security flaws.. python-Pillow Update,SUSE Security Patch,ImageProcessing Issues,Threated Fixes. . LinuxSecurity.com Team

Calendar%202 Jul 27, 2020 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":100,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200