
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Oracle Linux 9 ELSA-2026-20612 GnuTLS Important Heap Overwrite

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux Security Advisory ELSA-2026-20612

http://linux.oracle.com/errata/ELSA-2026-20612.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnutls-3.8.10-4.el9_8.i686.rpm
gnutls-3.8.10-4.el9_8.x86_64.rpm
gnutls-c++-3.8.10-4.el9_8.i686.rpm
gnutls-c++-3.8.10-4.el9_8.x86_64.rpm
gnutls-dane-3.8.10-4.el9_8.i686.rpm
gnutls-dane-3.8.10-4.el9_8.x86_64.rpm
gnutls-devel-3.8.10-4.el9_8.i686.rpm
gnutls-devel-3.8.10-4.el9_8.x86_64.rpm
gnutls-utils-3.8.10-4.el9_8.x86_64.rpm

aarch64:
gnutls-3.8.10-4.el9_8.aarch64.rpm
gnutls-c++-3.8.10-4.el9_8.aarch64.rpm
gnutls-dane-3.8.10-4.el9_8.aarch64.rpm
gnutls-devel-3.8.10-4.el9_8.aarch64.rpm
gnutls-utils-3.8.10-4.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gnutls-3.8.10-4.el9_8.src.rpm

Related CVEs:
CVE-2026-3832
CVE-2026-3833
CVE-2026-5260
CVE-2026-5419
CVE-2026-33845
CVE-2026-33846
CVE-2026-42009
CVE-2026-42010
CVE-2026-42011
CVE-2026-42012
CVE-2026-42013
CVE-2026-42014
CVE-2026-42015

Description of changes:

[3.8.10-4]
- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
- Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread)
- Fix CVE-2026-42010 (PSK authentication, High, authentication bypass)
- Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free)
- Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread)
- Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite)
- Fix CVE-2026-3832 (OCSP, Low, revocation bypass)
- Fix CVE-2026-5419 (PKCS#7, Low, timing side-channel)
- Fix upstream security issue #1808 (PSK rehandshake)
- Fix upstream security issue #1810 (EKU OID prefix match)
- Fix upstream security issue #1813 (pkcs11-provider persistent keys)
- Fix upstream security issue #1818 (RSA correctness, OpenSSL format import)
- Fix upstream security issue #1819 (PKCS#11 trust removal error path)
- Fix upstream security issue #1822 (SCT extension parser OOB read)
- Fix upstream security issue #1841 (key zeroization in hybrid kex)
- Fix upstream security issue #1823 (malformed certtool template)
- Fix upstream security issue #1817 (session parameter loading robustness)
- Fix upstream security issue #1820 (PKCS#11 KDF succeeding w/o deriving)
- gnutls-3.8.10-CVE-2025-9820.patch: update Makefile.in

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Critical updates for Oracle Linux 9 addressing important vulnerabilities in gnutls, ensuring security improvements and bug fixes.

Oracle Linux 9 Updates, GnuTLS Security Fixes, Important Oracle Alerts.

LinuxSecurity.com Team

Jun 26, 2026 Oracle

Slackware Dnsmasq Significant Heap Overwrite Patch SSA 2026-155-01

New dnsmasq packages are available for Slackware 15.0 and -current to fix a security issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dnsmasq (SSA:2026-155-01)

New dnsmasq packages are available for Slackware 15.0 and -current to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.93-i586-1_slack15.0.txz: Upgraded.
  Rework storage allocation for domain names. This fixes a security bug that can cause heap-overwrite with long domain names.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dnsmasq-2.93-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dnsmasq-2.93-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dnsmasq-2.93-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dnsmasq-2.93-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
6c4c2e00903ef7369dcce7d17469ba72 dnsmasq-2.93-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
a467649db9898cf052548832221ea939 dnsmasq-2.93-x86_64-1_slack15.0.txz

Slackware -current package:
2b95678be475195b96ffdf9b77eab789 n/dnsmasq-2.93-i686-1.txz

Slackware x86_64 -current package:
18adfd72ea72c5583f6df4f3a26e9d87 n/dnsmasq-2.93-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dnsmasq-2.93-i586-1_slack15.0.txz

If dnsmasq is running, restart it:
# sh /etc/rc.d/rc.dnsmasq restart

+-----+

New dnsmasq packages released for Slackware 15.0 and -current address security issue of heap-overwrite.

dnsmasq packages, Slackware security update, heap-overwrite fix, buffer overflow, dnsmasq version 2.93.

LinuxSecurity.com Team

Jun 04, 2026 Slackware

Slackware 15.0 gnutls Critical Security Issue CVE-2026-33846 2026-122-02

New gnutls packages are available for Slackware 15.0 and -current to fix a security issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnutls (SSA:2026-122-02)

New gnutls packages are available for Slackware 15.0 and -current to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/gnutls-3.8.13-i586-1_slack15.0.txz: Upgraded.
  This update fixes a security issue:
  Add more checks to DTLS reassembly. Previously, gnutls didn't check that DTLS fragments claimed a consistent message_length value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite. Reject fragments with mismatching length and add a missing boundary check.
  Independently reported by Haruto Kimura (Stella), Oscar Reparaz and Zou Dikai.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-33846
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gnutls-3.8.13-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gnutls-3.8.13-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.8.13-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.8.13-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
3a3bb3af6749fde3e3f2cdff9d4d808d gnutls-3.8.13-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
bcb120c7aa4d40316cf12bfb1ea71602 gnutls-3.8.13-x86_64-1_slack15.0.txz

Slackware -current package:
738265af0134c0dc52948633a7c5582a n/gnutls-3.8.13-i686-1.txz

Slackware x86_64 -current package:
2d8db9e17516c1fce34aa9eeaa539d88 n/gnutls-3.8.13-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnutls-3.8.13-i586-1_slack15.0.txz

+-----+

Critical gnutls security fix for Slackware 15.0 addresses a heap overwrite vulnerability ensuring safer updates.

Slackware Security, gnutls Upgrade, Security Fix.

LinuxSecurity.com Team

May 02, 2026 Slackware

SUSE Linux Micro 6.0 Openssl-3 Critical Security Update 2026-20349-1

An update that solves eight vulnerabilities can now be installed.

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:20349-1
Release Date: 2026-02-12T14:47:59Z
Rating: critical

References:
* bsc#1256830
* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840

Cross-References:
* CVE-2025-15467
* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2026-22795
* CVE-2026-22796

CVSS scores:
* CVE-2025-15467 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15467 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-15467 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69418 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69419 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69420 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
* CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
* CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
* CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
* CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
* CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
* CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
* CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-572=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libopenssl3-debuginfo-3.1.4-11.1
  * openssl-3-debuginfo-3.1.4-11.1
  * openssl-3-3.1.4-11.1
  * libopenssl-3-devel-3.1.4-11.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-11.1
  * openssl-3-debugsource-3.1.4-11.1
  * libopenssl3-3.1.4-11.1
  * libopenssl-3-fips-provider-3.1.4-11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15467.html
* https://www.suse.com/security/cve/CVE-2025-68160.html
* https://www.suse.com/security/cve/CVE-2025-69418.html
* https://www.suse.com/security/cve/CVE-2025-69419.html
* https://www.suse.com/security/cve/CVE-2025-69420.html
* https://www.suse.com/security/cve/CVE-2025-69421.html
* https://www.suse.com/security/cve/CVE-2026-22795.html
* https://www.suse.com/security/cve/CVE-2026-22796.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256830
* https://bugzilla.suse.com/show_bug.cgi?id=1256834
* https://bugzilla.suse.com/show_bug.cgi?id=1256835
* https://bugzilla.suse.com/show_bug.cgi?id=1256836
* https://bugzilla.suse.com/show_bug.cgi?id=1256837
* https://bugzilla.suse.com/show_bug.cgi?id=1256838
* https://bugzilla.suse.com/show_bug.cgi?id=1256839
* https://bugzilla.suse.com/show_bug.cgi?id=1256840

Critical update for openssl-3 resolves eight high-severity issues affecting SUSE Linux Micro, enhancing security.

openssl security fix, SUSE Linux patch, critical update, vulnerability fix.

LinuxSecurity.com Team

Feb 17, 2026 SuSE

Fedora 38: 2023-0984b63b23 critical: GStreamer heap overwrite

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0984b63b23
2023-12-25 03:36:41.790176
--------------------------------------------------------------------------------

Name        : mingw-gstreamer1-plugins-base
Product     : Fedora 38
Version     : 1.22.7
Release     : 1.fc38
URL         : https://gstreamer.freedesktop.org/
Summary     : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins.

This package contains a set of well-maintained base plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Sandro Mani - 1.22.7-1
- Update to 1.22.7
* Thu Sep 21 2023 Sandro Mani - 1.22.6-1
- Update to 1.22.6
* Sat Jul 29 2023 Sandro Mani - 1.22.5-1
- Update to 1.22.5
* Thu Jul 20 2023 Fedora Release Engineering - 1.22.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 4 2023 Sandro Mani - 1.22.4-1
- Update to 1.22.4
* Thu May 25 2023 Sandro Mani - 1.22.3-1
- Update to 1.22.3
* Sat Apr 15 2023 Sandro Mani - 1.22.2-1
- Update to 1.22.2
* Sun Mar 19 2023 Sandro Mani - 1.22.1-1
- Update to 1.22.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254680 - CVE-2023-37327 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254680
  [ 2 ] Bug #2254682 - CVE-2023-37328 mingw-gstreamer1-plugins-base: gstreamer-plugins-base: heap overwrite in subtitle parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254682
  [ 3 ] Bug #2254684 - CVE-2023-37329 mingw-gstreamer1-plugins-bad-free: gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0984b63b23' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

The most recent Fedora 38 release for mingw-gstreamer1-plugins-base version 1.22.7 resolves significant heap corruption vulnerabilities related to subtitle handling.

GStreamer Plugins, Fedora Updates, Heap Overwrite Fixes, Cross Compiled Packages.

LinuxSecurity.com Team

Dec 25, 2023 Fedora

Fedora 38: FEDORA-2023-0984b63b23 Critical: GStreamer Plugin Fix

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0984b63b23
2023-12-25 03:36:41.790176
--------------------------------------------------------------------------------

Name        : mingw-gstreamer1-plugins-good
Product     : Fedora 38
Version     : 1.22.7
Release     : 1.fc38
URL         : https://gstreamer.freedesktop.org/
Summary     : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plugins.

GStreamer Good Plugins is a collection of well-supported plugins of good quality and under the LGPL license.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Sandro Mani - 1.22.7-1
- Update to 1.22.7
* Thu Sep 21 2023 Sandro Mani - 1.22.6-1
- Update to 1.22.6
* Sat Jul 29 2023 Sandro Mani - 1.22.5-1
- Update to 1.22.5
* Thu Jul 20 2023 Fedora Release Engineering - 1.22.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 4 2023 Sandro Mani - 1.22.4-1
- Update to 1.22.4
* Thu May 25 2023 Sandro Mani - 1.22.3-1
- Update to 1.22.3
* Sat Apr 15 2023 Sandro Mani - 1.22.2-1
- Update to 1.22.2
* Sun Mar 19 2023 Sandro Mani - 1.22.1-1
- Update to 1.22.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254680 - CVE-2023-37327 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254680
  [ 2 ] Bug #2254682 - CVE-2023-37328 mingw-gstreamer1-plugins-base: gstreamer-plugins-base: heap overwrite in subtitle parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254682
  [ 3 ] Bug #2254684 - CVE-2023-37329 mingw-gstreamer1-plugins-bad-free: gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0984b63b23' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Crucial patches released for mingw-gstreamer components in Fedora 38 addressing memory corruption issues. Stay updated!

Mingw-gstreamer Plugins, Fedora Security Advisories, Heap Issues.

LinuxSecurity.com Team

Dec 25, 2023 Fedora

Urgent: Memory Corruption Issue in Mingw-GStreamer2 for Fedora 38

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0984b63b23
2023-12-25 03:36:41.790176
--------------------------------------------------------------------------------

Name        : mingw-gstreamer1
Product     : Fedora 38
Version     : 1.22.7
Release     : 1.fc38
URL         : https://gstreamer.freedesktop.org/
Summary     : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plug-in-based architecture means that new data types or processing capabilities can be added by installing new plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Sandro Mani - 1.22.7-1
- Update to 1.22.7
* Thu Sep 21 2023 Sandro Mani - 1.22.6-1
- Update to 1.22.6
* Sat Jul 29 2023 Sandro Mani - 1.22.5-1
- Update to 1.22.5
* Thu Jul 20 2023 Fedora Release Engineering - 1.22.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 4 2023 Sandro Mani - 1.22.4-1
- Update to 1.22.4
* Thu May 25 2023 Sandro Mani - 1.22.3-1
- Update to 1.22.3
* Sat Apr 15 2023 Sandro Mani - 1.22.2-1
- Update to 1.22.2
* Sun Mar 19 2023 Sandro Mani - 1.22.1-1
- Update to 1.22.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254680 - CVE-2023-37327 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254680
  [ 2 ] Bug #2254682 - CVE-2023-37328 mingw-gstreamer1-plugins-base: gstreamer-plugins-base: heap overwrite in subtitle parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254682
  [ 3 ] Bug #2254684 - CVE-2023-37329 mingw-gstreamer1-plugins-bad-free: gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0984b63b23' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 38 updates mingw-gstreamer1 to release 1.22.7, tackling significant security flaws linked to associated CVEs.

Gstreamer Update, Fedora Advisory, Security Fixes, Threat Management, Software Update.

LinuxSecurity.com Team

Dec 25, 2023 Fedora

Fedora 39: Security Advisory for Indent Heap Overwrites and Overreads

This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305) and a heap overread in lexi().

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-845edc1181
2023-09-15 18:36:13.239410
--------------------------------------------------------------------------------

Name        : indent
Product     : Fedora 39
Version     : 2.2.13
Release     : 5.fc39
URL         :
Summary     : A GNU program for formatting C code
Description :
Indent is a GNU program for beautifying C code, so that it is easier to read. Indent can also convert from one C writing style to a different one. Indent understands correct C syntax and tries to handle incorrect C syntax.

Install the indent package if you are developing applications in C and you want a program to format your code.

--------------------------------------------------------------------------------
Update Information:

This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305) and a heap overread in lexi().
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 16 2023 Petr Pisar - 2.2.13-5
- Fix a heap overread in search_brace/lexi
- Fix CVE-2023-40305 (a heap buffer overwrite in search_brace) (bug #2231919)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2231854 - CVE-2023-40305 indent: heap-based buffer overflow in search_brace() in indent.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2231854
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-845edc1181' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 39 patch addresses critical heap vulnerabilities, improving C code structuring. Successfully mitigate CVE-2023-40305.

indent fix, Fedora update, heap overflow, C programming, code formatting.

LinuxSecurity.com Team

Sep 15, 2023 Fedora