MGASA-2026-0118 - Updated ntfs-3g packages fix security vulnerability

Publication date: 07 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0118.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-40706

Description:

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs. (CVE-2026-40706)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35412
- https://www.openwall.com/lists/oss-security/2026/04/21/4
- https://lists.debian.org/debian-security-announce/2026/msg00131.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40706

SRPMS:
- 9/core/ntfs-3g-2022.10.3-1.2.mga9

Updated ntfs-3g packages in Mageia fix a critical heap memory overflow. Refer to MGASA-2026-0118 for details.

Severity: Important
LinuxSecurity.com Team
An update that fixes four vulnerabilities is now available. It includes one version update.

SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0446-1
Rating:             important
References:         #916196 #917100 #917300 #917597
Cross-References:   CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0836
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available. It includes one version update.

Description:

MozillaFirefox has been updated to version 31.5.0 ESR to fix five security issues.

These security issues have been fixed:

* CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
* CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597).
* CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
* CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597).
* CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597).

These non-security issues have been fixed:

* Reverted desktop file name back to MozillaFirefox.desktop (bnc#916196, bnc#917100)
* Obsolete subpackages of firefox-gcc47 from SLE11-SP1/2, that caused problems when upgrading to SLE11-SP3 (bnc#917300)

Security Issues:

* CVE-2015-0822
* CVE-2015-0827
* CVE-2015-0831
* CVE-2015-0836

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-MozillaFirefox=10373
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-MozillaFirefox=10373
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-MozillaFirefox=10373
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-MozillaFirefox=10373

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-devel-31.5.0esr-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 31.5.0esr]:
  MozillaFirefox-31.5.0esr-0.7.1
  MozillaFirefox-translations-31.5.0esr-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 31.5.0esr]:
  MozillaFirefox-31.5.0esr-0.7.1
  MozillaFirefox-translations-31.5.0esr-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 31.5.0esr]:
  MozillaFirefox-31.5.0esr-0.7.1
  MozillaFirefox-translations-31.5.0esr-0.7.1

References:

https://www.suse.com/security/cve/CVE-2015-0822.html
https://www.suse.com/security/cve/CVE-2015-0827.html
https://www.suse.com/security/cve/CVE-2015-0831.html
https://www.suse.com/security/cve/CVE-2015-0836.html
https://bugzilla.suse.com/show_bug.cgi?id=916196
https://bugzilla.suse.com/show_bug.cgi?id=917100
https://bugzilla.suse.com/show_bug.cgi?id=917300
https://bugzilla.suse.com/show_bug.cgi?id=917597
https://scc.suse.com:443/patches/

SUSE issues important security updates for Mozilla Firefox to resolve multiple issues and enhance stability.

Severity: Important
Several security issues were fixed in the kernel.

==========================================================================
Ubuntu Security Notice USN-1976-1
September 30, 2013

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343)

Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. (CVE-2013-2888)

Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically proximate attacker could cause a denial of service (heap out-of-bounds write) via a specially crafted device. (CVE-2013-2892)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-52-386           2.6.32-52.114
  linux-image-2.6.32-52-generic       2.6.32-52.114
  linux-image-2.6.32-52-generic-pae   2.6.32-52.114
  linux-image-2.6.32-52-ia64          2.6.32-52.114
  linux-image-2.6.32-52-lpia          2.6.32-52.114
  linux-image-2.6.32-52-powerpc       2.6.32-52.114
  linux-image-2.6.32-52-powerpc-smp   2.6.32-52.114
  linux-image-2.6.32-52-powerpc64-smp 2.6.32-52.114
  linux-image-2.6.32-52-preempt       2.6.32-52.114
  linux-image-2.6.32-52-server        2.6.32-52.114
  linux-image-2.6.32-52-sparc64       2.6.32-52.114
  linux-image-2.6.32-52-sparc64-smp   2.6.32-52.114
  linux-image-2.6.32-52-versatile     2.6.32-52.114
  linux-image-2.6.32-52-virtual       2.6.32-52.114

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-1976-1
  CVE-2013-0343, CVE-2013-2888, CVE-2013-2892

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.32-52.114

Several crucial vulnerabilities in the core kernel were resolved through significant updates for Ubuntu LTS, enhancing overall system protection and stability.

Severity: Critical
Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openjpeg security update
Advisory ID:       RHSA-2012:1068-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:1068.html
Issue date:        2012-07-11
CVE Names:         CVE-2009-5030 CVE-2012-3358
====================================================================

1. Summary:

Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format.

An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-3358)

OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG (such as image_to_j2k), would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5030)

Users of OpenJPEG should upgrade to these updated packages, which contain patches to correct these issues. All running applications using OpenJPEG must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

812317 - CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images
835767 - CVE-2012-3358 openjpeg: heap-based buffer overflow when processing JPEG2000 image files

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm

ppc64:
openjpeg-debuginfo-1.3-8.el6_3.ppc.rpm
openjpeg-debuginfo-1.3-8.el6_3.ppc64.rpm
openjpeg-libs-1.3-8.el6_3.ppc.rpm
openjpeg-libs-1.3-8.el6_3.ppc64.rpm

s390x:
openjpeg-debuginfo-1.3-8.el6_3.s390.rpm
openjpeg-debuginfo-1.3-8.el6_3.s390x.rpm
openjpeg-libs-1.3-8.el6_3.s390.rpm
openjpeg-libs-1.3-8.el6_3.s390x.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm

ppc64:
openjpeg-1.3-8.el6_3.ppc64.rpm
openjpeg-debuginfo-1.3-8.el6_3.ppc.rpm
openjpeg-debuginfo-1.3-8.el6_3.ppc64.rpm
openjpeg-devel-1.3-8.el6_3.ppc.rpm
openjpeg-devel-1.3-8.el6_3.ppc64.rpm

s390x:
openjpeg-1.3-8.el6_3.s390x.rpm
openjpeg-debuginfo-1.3-8.el6_3.s390.rpm
openjpeg-debuginfo-1.3-8.el6_3.s390x.rpm
openjpeg-devel-1.3-8.el6_3.s390.rpm
openjpeg-devel-1.3-8.el6_3.s390x.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2009-5030
https://access.redhat.com/security/cve/CVE-2012-3358
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

Crucial security patch released for OpenJPEG on Red Hat Enterprise Linux 6. Addresses severe vulnerabilities impacting various software applications.

Severity: Important