Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 169 articles for you...
89
security advisoryfedoraupdateFedora 41: FEDORA-2025-297c7ac7fe critical: gotify-desktop double free
Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-297c7ac7fe 2025-06-25 01:42:08.365038+00:00 -------------------------------------------------------------------------------- Name : gotify-desktop Product : Fedora 41 Version : 1.3.7 Release : 5.fc41 URL : https://github.com/desbma/gotify-desktop Summary : Small Gotify daemon to receive and forward messages Description : Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app icons. -------------------------------------------------------------------------------- Update Information: Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop) -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 16 2025 Fabio Valentini - 1.3.7-5 - Rebuild for idna crate > = v1.0.0 (CVE-2024-12224) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366525 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366525 [ 2 ] Bug #2366527 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366527 [ 3 ] Bug #2370559 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370559 [ 4 ] Bug #2370561 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370561 [ 5 ] Bug #2370566 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370566 [ 6 ] Bug #2370568 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370568 [ 7 ] Bug #2370570 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370570 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-297c7ac7fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 25, 2025
•Critical
Fedora
89
security advisoryfedoraimportantFedora 42: FEDORA-2025-8a18a5a077 crucial security updates for mirrors
Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8a18a5a077 2025-06-25 01:17:21.616266+00:00 -------------------------------------------------------------------------------- Name : mirrorlist-server Product : Fedora 42 Version : 3.0.7 Release : 7.fc42 URL : https://github.com/adrianreber/mirrorlist-server Summary : Mirrorlist Server Description : The mirrorlist-server uses the data created by MirrorManager2 (https://github.com/fedora-infra/mirrormanager2) to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager2 repository and it is implemented using Python. While moving from Python2 to Python3 one of the problems was that the data exchange format (Python Pickle) did not support running the MirrorManager2 backend with Python2 and the mirrorlist frontend with Python3. To have a Pickle independent data exchange format protobuf was introduced. The first try to use protobuf in the python mirrorlist implementation required a lot more memory than the Pickle based implementation (3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server implementation was needed. Another reason to rewrite the mirrorlist-server is its architecture. The Python based version requires the Apache HTTP server or something that can run the included wsgi. The wsgi talks over a socket to the actual mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container which runs behind HAProxy. This implementation in Rust directly uses a HTTP library to reduce the number ofinvolved components. In addition to being simpler this implementation also requires less memory than the Python version. -------------------------------------------------------------------------------- Update Information: Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop) -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 16 2025 Fabio Valentini - 3.0.7-7 - Rebuild for idna crate > = v1.0.0 (CVE-2024-12224) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366549 [ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366551 [ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370578 [ 4 ] Bug #2370580 - CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370580 [ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370586 [ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370591 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 25, 2025
•Critical
Fedora
89
security advisoryfedoraimportantFedora 42: FEDORA-2025-8a18a5a077 important: awatcher security updates
Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8a18a5a077 2025-06-25 01:17:21.616266+00:00 -------------------------------------------------------------------------------- Name : awatcher Product : Fedora 42 Version : 0.3.1 Release : 2.fc42 URL : https://github.com/2e3s/awatcher Summary : A window activity and idle watcher Description : A window activity and idle watcher. -------------------------------------------------------------------------------- Update Information: Rebuild applications to apply two recent security updates: build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded) build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double- free on Drop) -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 16 2025 Fabio Valentini - 0.3.1-2 - Rebuild for idna crate > = v1.0.0 (CVE-2024-12224) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366549 - CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366549 [ 2 ] Bug #2366551 - CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366551 [ 3 ] Bug #2370578 - CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370578 [ 4 ] Bug #2370580 - CVE-2024-12224awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370580 [ 5 ] Bug #2370586 - CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370586 [ 6 ] Bug #2370591 - CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370591 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a18a5a077' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 25, 2025
•Important
Fedora
89
security advisoryfedoracriticalFedora 42 rust-git-interactive-rebase-tool double free issue in 2025
Rebuild for CVE-2024-12224, CVE-2025-4574. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-da9b58be96 2025-06-18 14:42:09.231396+00:00 -------------------------------------------------------------------------------- Name : rust-git-interactive-rebase-tool Product : Fedora 42 Version : 2.4.1 Release : 9.fc42 URL : https://crates.io/crates/git-interactive-rebase-tool Summary : Full-featured terminal-based sequence editor for Git interactive rebase Description : Full-featured terminal-based sequence editor for Git interactive rebase. -------------------------------------------------------------------------------- Update Information: Rebuild for CVE-2024-12224, CVE-2025-4574 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2025 Benjamin Gilbert - 2.4.1-9 - Rebuild for CVE-2024-12224, CVE-2025-4574 (rhbz#2370599, rhbz#2366573) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366573 - CVE-2025-4574 rust-git-interactive-rebase-tool: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366573 [ 2 ] Bug #2370599 - CVE-2024-12224 rust-git-interactive-rebase-tool: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370599 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-da9b58be96' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 18, 2025
•Important
Fedora
89
security advisoryfedoradouble freeFedora 41: FEDORA-2025-26640e9e35 - crucial update for rust-git-tool
Rebuild for CVE-2024-12224, CVE-2025-4574. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-26640e9e35 2025-06-17 02:28:46.265681+00:00 -------------------------------------------------------------------------------- Name : rust-git-interactive-rebase-tool Product : Fedora 41 Version : 2.4.1 Release : 9.fc41 URL : https://crates.io/crates/git-interactive-rebase-tool Summary : Full-featured terminal-based sequence editor for Git interactive rebase Description : Full-featured terminal-based sequence editor for Git interactive rebase. -------------------------------------------------------------------------------- Update Information: Rebuild for CVE-2024-12224, CVE-2025-4574 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2025 Benjamin Gilbert - 2.4.1-9 - Rebuild for CVE-2024-12224, CVE-2025-4574 (rhbz#2370599, rhbz#2366573) * Sun Jan 19 2025 Fedora Release Engineering - 2.4.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366573 - CVE-2025-4574 rust-git-interactive-rebase-tool: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366573 [ 2 ] Bug #2370599 - CVE-2024-12224 rust-git-interactive-rebase-tool: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370599 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-26640e9e35' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label Allpackages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 17, 2025
•Critical
Fedora
100
security advisoryimportantSUSESUSE 15 SP7: 2025:01639-2 important: libwebp double free issue
* bsc#1136199 Cross-References: * CVE-2016-9969 . # Security update for libwebp Announcement ID: SUSE-SU-2025:01639-2 Release Date: 2025-06-10T08:12:52Z Rating: important References: * bsc#1136199 Cross-References: * CVE-2016-9969 CVSS scores: * CVE-2016-9969 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2016-9969 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2016-9969 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for libwebp fixes the following issues: * CVE-2016-9969: freeing of uninitialized memory pointer in SetFrame() of AnimEncoder can lead to double free (bsc#1136199). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1639=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-1639=1 ## Package List: * SUSE Package Hub 15 15-SP7 (x86_64) * libwebp6-32bit-0.5.0-150000.3.17.1 * libwebp6-32bit-debuginfo-0.5.0-150000.3.17.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libwebp6-0.5.0-150000.3.17.1 * libwebp6-debuginfo-0.5.0-150000.3.17.1 * libwebp-debugsource-0.5.0-150000.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2016-9969.html * https://bugzilla.suse.com/show_bug.cgi?id=1136199 . This release tackles a significantvulnerability in libjpeg, affecting Debian platforms. Urgent updates are recommended for protection.. SUSE Linux, libwebp security, memory issue fix, important update. . Severity: Important. LinuxSecurity.com Team
Jun 10, 2025
•Important
SuSE
89
security advisoryupdateFedoraFedora 41 Advisory: Details on the Double Free Patch for libvpx
Add patch for double free. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-15220f1411 2025-06-08 02:30:29.772019+00:00 -------------------------------------------------------------------------------- Name : libvpx Product : Fedora 41 Version : 1.15.0 Release : 3.fc41 URL : http://www.webmproject.org/code/ Summary : VP8/VP9 Video Codec SDK Description : libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide. -------------------------------------------------------------------------------- Update Information: Add patch for double free -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 3 2025 Wim Taymans - 1.15.0-3 - Add patch for double free Resolves: rhbz#2368931 * Fri Jan 17 2025 Fedora Release Engineering - 1.15.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Tue Jan 14 2025 Pete Walter - 1.15.0-1 - Update to 1.15.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2368931 - CVE-2025-5262 libvpx: Double-free in libvpx encoder [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2368931 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-15220f1411' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 08, 2025
•Important
Fedora
89
security advisoryupdateFedoraFedora 42: FEDORA-2025-f5bf0fb721 critical: libvpx double free
Add patch for double free. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f5bf0fb721 2025-06-06 01:43:35.179050+00:00 -------------------------------------------------------------------------------- Name : libvpx Product : Fedora 42 Version : 1.15.0 Release : 3.fc42 URL : http://www.webmproject.org/code/ Summary : VP8/VP9 Video Codec SDK Description : libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide. -------------------------------------------------------------------------------- Update Information: Add patch for double free -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 3 2025 Wim Taymans - 1.15.0-3 - Add patch for double free Resolves: rhbz#2368931 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2368931 - CVE-2025-5262 libvpx: Double-free in libvpx encoder [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2368931 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f5bf0fb721' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 06, 2025
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!