Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
219
security advisorylowlibarchiveRocky Linux 8 RLSA-2023-3023 libarchive Minor Memory Patch Released
Low: libarchive security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:3018", "synopsis": "Low: libarchive security update", "severity": "SEVERITY_LOW", "topic": "An update is available for libarchive.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.\n\nSecurity Fix(es):\n\n* libarchive: NULL pointer dereference in archive_write.c (CVE-2022-36227)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2144972", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2144972", "description": ""}], "cves": [{"name": "CVE-2022-36227", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2022-36227", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-476"}], "references": [], "publishedAt": "2026-03-20T00:02:50.766829Z", "rpms": {"Rocky Linux 8": {"nvras": ["bsdtar-0:3.3.3-5.el8.aarch64.rpm", "bsdtar-0:3.3.3-5.el8.x86_64.rpm", "bsdtar-debuginfo-0:3.3.3-5.el8.aarch64.rpm", "bsdtar-debuginfo-0:3.3.3-5.el8.x86_64.rpm", "libarchive-0:3.3.3-5.el8.aarch64.rpm", "libarchive-0:3.3.3-5.el8.i686.rpm", "libarchive-0:3.3.3-5.el8.x86_64.rpm","libarchive-debuginfo-0:3.3.3-5.el8.aarch64.rpm", "libarchive-debuginfo-0:3.3.3-5.el8.i686.rpm", "libarchive-debuginfo-0:3.3.3-5.el8.x86_64.rpm", "libarchive-debugsource-0:3.3.3-5.el8.aarch64.rpm", "libarchive-debugsource-0:3.3.3-5.el8.i686.rpm", "libarchive-debugsource-0:3.3.3-5.el8.x86_64.rpm", "libarchive-devel-0:3.3.3-5.el8.aarch64.rpm", "libarchive-devel-0:3.3.3-5.el8.i686.rpm", "libarchive-devel-0:3.3.3-5.el8.x86_64.rpm", "libarchive-0:3.3.3-5.el8.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Discover security update for libarchive on Rocky Linux 8 addressing low severity issues with NULL pointer dereference.. libarchive security update, Rocky Linux vulnerabilities, NULL pointer dereference. . Severity: Low. LinuxSecurity.com Team
Mar 20, 2026
•Low
Rocky Linux
202
security advisorymoderatenull pointeropenSUSE harfbuzz Moderate NULL Pointer Dereference Fix 2026-0287-1
An update that solves one vulnerability can now be installed.. # Security update for harfbuzz Announcement ID: SUSE-SU-2026:0287-1 Release Date: 2026-01-23T23:35:55Z Rating: moderate References: * bsc#1256459 Cross-References: * CVE-2026-22693 CVSS scores: * CVE-2026-22693 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22693 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22693 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for harfbuzz fixes the following issues: * CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-287=1 SUSE-2026-287=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-287=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * harfbuzz-devel-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-subset0-8.3.0-150600.3.3.1 * harfbuzz-tools-debuginfo-8.3.0-150600.3.3.1 * harfbuzz-debugsource-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-8.3.0-150600.3.3.1 * libharfbuzz-icu0-debuginfo-8.3.0-150600.3.3.1 * typelib-1_0-HarfBuzz-0_0-8.3.0-150600.3.3.1 * libharfbuzz-icu0-8.3.0-150600.3.3.1 * libharfbuzz-subset0-debuginfo-8.3.0-150600.3.3.1 *libharfbuzz0-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-debuginfo-8.3.0-150600.3.3.1 * harfbuzz-tools-8.3.0-150600.3.3.1 * libharfbuzz0-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-8.3.0-150600.3.3.1 * openSUSE Leap 15.6 (x86_64) * libharfbuzz-cairo0-32bit-8.3.0-150600.3.3.1 * libharfbuzz-icu0-32bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-32bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz0-32bit-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-32bit-8.3.0-150600.3.3.1 * libharfbuzz-subset0-32bit-8.3.0-150600.3.3.1 * libharfbuzz-subset0-32bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-icu0-32bit-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-32bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz0-32bit-debuginfo-8.3.0-150600.3.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libharfbuzz-icu0-64bit-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-64bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-icu0-64bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-subset0-64bit-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-64bit-8.3.0-150600.3.3.1 * libharfbuzz0-64bit-8.3.0-150600.3.3.1 * libharfbuzz0-64bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-64bit-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-64bit-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-subset0-64bit-debuginfo-8.3.0-150600.3.3.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * harfbuzz-devel-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-subset0-8.3.0-150600.3.3.1 * libharfbuzz-gobject0-8.3.0-150600.3.3.1 * harfbuzz-debugsource-8.3.0-150600.3.3.1 * libharfbuzz-icu0-debuginfo-8.3.0-150600.3.3.1 * typelib-1_0-HarfBuzz-0_0-8.3.0-150600.3.3.1 * libharfbuzz-icu0-8.3.0-150600.3.3.1 * libharfbuzz-subset0-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz0-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz0-debuginfo-8.3.0-150600.3.3.1 * libharfbuzz-cairo0-8.3.0-150600.3.3.1 * Basesystem Module 15-SP7 (x86_64) * libharfbuzz0-32bit-8.3.0-150600.3.3.1 * libharfbuzz0-32bit-debuginfo-8.3.0-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22693.html * https://bugzilla.suse.com/show_bug.cgi?id=1256459 . An important update for harfbuzz resolves a NULL pointer dereference issue with moderate severity for openSUSE users.. harfbuzz openSUSE update patch security. . LinuxSecurity.com Team
Jan 26, 2026
OpenSUSE
203
security advisorysecurity issuecriticalMageia 9: MGASA-2025-0128 critical: augeas null pointer issue
Hercules Augeas fa.c re_case_expand null pointer dereference. (CVE-2025-2588) References: - https://bugs.mageia.org/show_bug.cgi?id=34141 . MGASA-2025-0128 - Updated augeas packages fix security vulnerability Publication date: 05 Apr 2025 URL: https://advisories.mageia.org/MGASA-2025-0128.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-2588 Hercules Augeas fa.c re_case_expand null pointer dereference. (CVE-2025-2588) References: - https://bugs.mageia.org/show_bug.cgi?id=34141 - https://lists.fedoraproject.org/archives/list/
Apr 05, 2025
•Critical
Mageia
100
security advisorymoderatebuffer overflowSUSE Linux Enterprise 12-SP5 Moderate Git Buffer Overflow Fixes
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4271-1 Rating: moderate References: #1204455 #1204456 Cross-References: CVE-2022-39253 CVE-2022-39260 CVSS scores: CVE-2022-39253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-39253 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-39260 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-39260 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-4271=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4271=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4271=1 - HPE Helion Openstack 8: zypper in -t patchHPE-Helion-OpenStack-8-2022-4271=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): git-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.60.1 git-arch-2.26.2-27.60.1 git-core-2.26.2-27.60.1 git-core-debuginfo-2.26.2-27.60.1 git-cvs-2.26.2-27.60.1 git-daemon-2.26.2-27.60.1 git-daemon-debuginfo-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 git-email-2.26.2-27.60.1 git-gui-2.26.2-27.60.1 git-svn-2.26.2-27.60.1 git-svn-debuginfo-2.26.2-27.60.1 git-web-2.26.2-27.60.1 gitk-2.26.2-27.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): git-doc-2.26.2-27.60.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.60.1 git-core-2.26.2-27.60.1 git-core-debuginfo-2.26.2-27.60.1 git-cvs-2.26.2-27.60.1 git-daemon-2.26.2-27.60.1 git-daemon-debuginfo-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 git-email-2.26.2-27.60.1 git-gui-2.26.2-27.60.1 git-svn-2.26.2-27.60.1 git-web-2.26.2-27.60.1 gitk-2.26.2-27.60.1 - HPE Helion Openstack 8 (x86_64): git-2.26.2-27.60.1 git-debugsource-2.26.2-27.60.1 References: https://www.suse.com/security/cve/CVE-2022-39253.html https://www.suse.com/security/cve/CVE-2022-39260.html https://bugzilla.suse.com/1204455 https://bugzilla.suse.com/1204456 . The recent git update tackles three critical vulnerabilities in Ubuntu Linux, providing insights on impact level, fixes, and the versions impacted.. SUSE Security Patch, Git Update, SUSE Linux Enterprise, Software Update, Security Advisory. . LinuxSecurity.com Team
Nov 29, 2022
SuSE
197
security advisorycriticaldebianDebian 10: DLA-3133-1 Critical Lighttpd NULL Pointer Dereference
An invalid HTTP request (websocket handshake) may cause a NULL pointer dereference in the wstunnel module. For Debian 10 buster, this problem has been fixed in version . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3133-1
Oct 03, 2022
•Critical
Debian LTS
89
security advisorycriticalFedoraFedora 31: curl 2020-126a0dd319 Critical: Pointer Dereference Threat
- fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-126a0dd319 2020-09-03 16:25:10.755327 --------------------------------------------------------------------------------Name : curl Product : Fedora 31 Version : 7.66.0 Release : 3.fc31 URL : https://curl.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. --------------------------------------------------------------------------------Update Information: - fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231) --------------------------------------------------------------------------------ChangeLog: * Wed Aug 19 2020 Kamil Dudka - 7.66.0-3 - libcurl: wrong connect-only connection (CVE-2020-8231) --------------------------------------------------------------------------------References: [ 1 ] Bug #1868032 - CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set https://bugzilla.redhat.com/show_bug.cgi?id=1868032 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-126a0dd319' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Sep 03, 2020
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!