Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Ubuntu 24: glyphutils Severe RCE Unrestricted File Access 2025-abcd1234ef

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58e2bb0f1e
2025-12-20 01:18:41.356091+00:00
--------------------------------------------------------------------------------

Name        : fonttools
Product     : Fedora 42
Version     : 4.61.0
Release     : 1.fc42
URL         : https://github.com/fonttools/fonttools/
Summary     : Tools to manipulate font files
Description :
fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats.

--------------------------------------------------------------------------------
Update Information:

Update to 17.0.0 version (#2412270) Update fonttools 4.61.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Parag Nemade - 4.61.0-1
- Update to 4.61.0 version (#2419183)
* Thu Oct 2 2025 Parag Nemade - 4.60.1-1
- Update to 4.60.1 version (#2400374)
* Fri Sep 19 2025 Python Maint - 4.60.0-2
- Rebuilt for Python 3.14.0rc3 bytecode
* Wed Sep 17 2025 Parag Nemade - 4.60.0-1
- Update to 4.60.0 version (#2396057)
* Thu Aug 28 2025 Parag Nemade - 4.59.2-1
- Update to 4.59.2 version (#2391330)
* Fri Aug 15 2025 Python Maint - 4.59.1-2
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Aug 15 2025 Parag Nemade - 4.59.1-1
- Update to 4.59.1 version (#2388618)
* Wed Jul 23 2025 Fedora Release Engineering - 4.59.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jul 18 2025 Parag Nemade - 4.59.0-2
- Skip failing test test_ttcompile_timestamp_calcs
* Wed Jul 16 2025 Parag Nemade - 4.59.0-1
- Update to 4.59.0 version (#2381317)
* Fri Jul 4 2025 Parag Nemade - 4.58.5-1
- Update to 4.58.5 version (#2376209)
* Mon Jun 16 2025 Benjamin A. Beasley - 4.58.4-1
- Update to 4.58.4 version (#2370864)
- No longer bootstrapping (build with tests enabled)
* Sun Jun 15 2025 Python Maint - 4.58.1-3
- Bootstrap for Python 3.14
* Tue Jun 3 2025 Python Maint - 4.58.1-2
- Bootstrap for Python 3.14
* Thu May 29 2025 Parag Nemade - 4.58.1-1
- Update to 4.58.1 version (#2368984)
* Mon May 12 2025 Parag Nemade - 4.58.0-1
- Update to 4.58.0 version (#2365442)
* Fri Apr 4 2025 Parag Nemade - 4.57.0-1
- Update to 4.57.0 version (#2357231)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2421330 - CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2421330
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58e2bb0f1e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Critical security advisory for fonttools in Fedora 42 addresses arbitrary file write leading to remote code execution.
fonttools update, Fedora 42 security, remote code execution, Python library update, arbitrary file write issue.
Severity: Critical.
LinuxSecurity.com Team

Dec 20, 2025 Critical Fedora

Ubuntu 22.04 LTS: fontTools Important Path Traversal Risk CVE-2025-66034

==========================================================================
Ubuntu Security Notice USN-7917-1
December 09, 2025

fonttools vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in fontTools.

Software Description:
- fonttools: a library for manipulating fonts, written in Python

Details:

It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-45139)

It was discovered that fontTools was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted .designspace file, an attacker could possibly use this issue to write arbitrary files outside the target directory, resulting in remote code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-66034)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  fonttools 4.55.3-2ubuntu0.25.10.1
  python3-fonttools 4.55.3-2ubuntu0.25.10.1

Ubuntu 25.04
  fonttools 4.55.3-2ubuntu0.25.04.1
  python3-fonttools 4.55.3-2ubuntu0.25.04.1

Ubuntu 24.04 LTS
  fonttools 4.46.0-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  python3-fonttools 4.46.0-1ubuntu0.1~esm1 (Available with Ubuntu Pro)

Ubuntu 22.04 LTS
  fonttools 4.29.1-2ubuntu0.1~esm1 (Available with Ubuntu Pro)
  python3-fonttools 4.29.1-2ubuntu0.1~esm1 (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7917-1
  CVE-2023-45139, CVE-2025-66034

Package Information:
  https://launchpad.net/ubuntu/+source/fonttools/4.55.3-2ubuntu0.25.10.1
  https://launchpad.net/ubuntu/+source/fonttools/4.55.3-2ubuntu0.25.04.1

Several critical security issues in fontTools for Ubuntu users require immediate updates for protection against threats.
Ubuntu fontTools update security.
Severity: Important.
LinuxSecurity.com Team

Dec 09, 2025 Important Ubuntu

Mageia 9: 2024-0060 Critical: FontTools XXE Injection Attack

MGASA-2024-0060 - Updated fonttools packages fix security vulnerabilities

Publication date: 14 Mar 2024
URL: https://advisories.mageia.org/MGASA-2024-0060.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-45139

As of fonttools>=4.28.2 the subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32955
- https://www.openwall.com/lists/oss-security/2024/03/08/2
- https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
- https://www.cve.org/CVERecord?id=CVE-2023-45139

SRPMS:
- 9/core/fonttools-4.38.0-2.1.mga9

Revised fonttools libraries in Mageia address security concerns linked to XXE vulnerability present in OT-SVG typefaces.
FontTools Security Update, Mageia Security Advisory, XXE Vulnerability.
Severity: Critical.
LinuxSecurity.com Team

Mar 14, 2024 Critical Mageia

Fedora 39: 2024-6d1d9f70d2 critical: fonttools XML Injection

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6d1d9f70d2
2024-01-25 00:38:48.210927
--------------------------------------------------------------------------------

Name        : fonttools
Product     : Fedora 39
Version     : 4.43.1
Release     : 1.fc39
URL         : https://github.com/fonttools/fonttools/
Summary     : Tools to manipulate font files
Description :
fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-45139
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 8 2023 Parag Nemade - 4.43.1-1
- Update to 4.43.1 version (#2241574)
* Tue Aug 22 2023 Parag Nemade - 4.42.1-1
- Update to 4.42.1 version (#2232931)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2257808 - CVE-2023-45139 fonttools: XML External Entity Injection (XXE) Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=2257808
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6d1d9f70d2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Keep updated on CVE-2023-45139 impacting fonttools in Fedora 39; ensure you upgrade for safeguarding against security risks.
Fonttools Security Fix, XXE Vulnerability Advisory, Fedora Software Patch.
Severity: Critical.
LinuxSecurity.com Team

Jan 25, 2024 Critical Fedora