Update to latest svn revision.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-2840932fa8
2023-09-15 18:36:13.239197
--------------------------------------------------------------------------------

Name        : freeimage
Product     : Fedora 39
Version     : 3.19.0
Release     : 0.19.svn1909.fc39
URL         : https://freeimage.sourceforge.io/
Summary     : Multi-format image decoder library
Description :
FreeImage is a library for developers who would like to support popular
graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by
today's multimedia applications.

--------------------------------------------------------------------------------
Update Information:

Update to latest svn revision.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 28 2023 Sandro Mani - 3.19.0-0.19.svn1909
- Update to svn rev 1909
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2235358 - CVE-2020-22524 freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235358
  [ 2 ] Bug #2235359 - CVE-2020-22524 mingw-freeimage: freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235359
  [ 3 ] Bug #2235406 - CVE-2020-21426 mingw-freeimage: freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235406
  [ 4 ] Bug #2235407 - CVE-2020-21426 freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235407
  [ 5 ] Bug #2235412 - CVE-2020-21427 mingw-freeimage: freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235412
  [ 6 ] Bug #2235414 - CVE-2020-21427 freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235414
  [ 7 ] Bug #2235417 - CVE-2020-21428 freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235417
  [ 8 ] Bug #2235418 - CVE-2020-21428 mingw-freeimage: freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235418
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2840932fa8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Apply upstream libtiff fix for CVE-2022-4645.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f5d075f7f2
2023-03-16 18:30:53.696085
--------------------------------------------------------------------------------

Name        : tkimg
Product     : Fedora 37
Version     : 1.4.14
Release     : 3.fc37
URL         : https://sourceforge.net/projects/tkimg/
Summary     : Image support library for Tk
Description :
This package contains a collection of image format handlers for the Tk
photo image type, and a new image type, pixmaps.

--------------------------------------------------------------------------------
Update Information:

Apply upstream libtiff fix for CVE-2022-4645
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  7 2023 Tom Callaway - 1.4.14-3
- apply upstream libtiff fix for CVE-2022-4645
* Sat Jan 21 2023 Fedora Release Engineering - 1.4.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2176220 - CVE-2022-4645 libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2176220
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-f5d075f7f2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Apply upstream libtiff fix for CVE-2022-4645.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-6c1200da3d
2023-03-11 03:04:11.190461
--------------------------------------------------------------------------------

Name        : tkimg
Product     : Fedora 38
Version     : 1.4.14
Release     : 3.fc38
URL         : https://sourceforge.net/projects/tkimg/
Summary     : Image support library for Tk
Description :
This package contains a collection of image format handlers for the Tk
photo image type, and a new image type, pixmaps.

--------------------------------------------------------------------------------
Update Information:

Apply upstream libtiff fix for CVE-2022-4645
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  7 2023 Tom Callaway - 1.4.14-3
- apply upstream libtiff fix for CVE-2022-4645
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2176220 - CVE-2022-4645 libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2176220
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-6c1200da3d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

gdk-pixbuf2 2.42.2 release, fixing CVE-2021-20240 and CVE-2020-29385. This update also includes new gdk-pixbuf2-xlib package that was split out from gdk-pixbuf2 to its own source rpm. The gdk-pixbuf2-xlib and gdk-pixbuf2-xlib-devel binary package names are identical to what they were before the split.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-2e59756cbe
2021-02-23 00:24:50.566187
--------------------------------------------------------------------------------

Name        : gdk-pixbuf2
Product     : Fedora 33
Version     : 2.42.2
Release     : 2.fc33
URL         :
Summary     : An image loading library
Description :
gdk-pixbuf is an image loading library that can be extended by loadable
modules for new image formats. It is used by toolkits such as GTK+ or
clutter.

--------------------------------------------------------------------------------
Update Information:

gdk-pixbuf2 2.42.2 release, fixing CVE-2021-20240 and CVE-2020-29385. This
update also includes new gdk-pixbuf2-xlib package that was split out from
gdk-pixbuf2 to its own source rpm. The gdk-pixbuf2-xlib and
gdk-pixbuf2-xlib-devel binary package names are identical to what they were
before the split.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 19 2021 Kalev Lember - 2.42.2-2
- Avoid using deprecated meson options
- Fix gtk-doc directory ownership
* Fri Feb 19 2021 Kalev Lember - 2.42.2-1
- Update to 2.42.2
- Split out gdk-pixbuf2-xlib to separate source package
- Update upstream URLs
* Tue Jan 26 2021 Fedora Release Engineering - 2.40.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1926787 - CVE-2021-20240 gdk-pixbuf: integer wraparound in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1926787
  [ 2 ] Bug #1927237 - CVE-2020-29385 gdk-pixbuf: DoS in lzw.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1927237
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-2e59756cbe' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Several security issues were fixed in SDL_image.

=========================================================================
Ubuntu Security Notice USN-4238-1
January 14, 2020

sdl-image1.2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in SDL_image.

Software Description:
- sdl-image1.2: Image loading library for Simple DirectMedia Layer 1.2

Details:

It was discovered that SDL_image incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service or
other unspecified impact.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libsdl-image1.2                 1.2.12-8ubuntu0.1

Ubuntu 16.04 LTS:
  libsdl-image1.2                 1.2.12-5+deb9u1ubuntu0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4238-1
  CVE-2018-3977, CVE-2019-12216, CVE-2019-12217, CVE-2019-12218,
  CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222,
  CVE-2019-13616, CVE-2019-5051, CVE-2019-5052, CVE-2019-7635

Package Information:
  https://launchpad.net/ubuntu/+source/sdl-image1.2/1.2.12-8ubuntu0.1
  https://launchpad.net/ubuntu/+source/sdl-image1.2/1.2.12-5+deb9u1ubuntu0.16.04.1

Severity: Critical

Package        : sdl-image1.2
Version        : 1.2.12-5+deb9u2
CVE ID         : CVE-2018-3977 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635
                 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219
                 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222

The following issues have been found in sdl-image1.2, the 1.x version of the
image file loading library.

CVE-2018-3977

    Heap buffer overflow in IMG_xcf.c. This vulnerability might be leveraged
    by remote attackers to cause remote code execution or denial of service
    via a crafted XCF file.

CVE-2019-5051

    Heap based buffer overflow in IMG_LoadPCX_RW, in IMG_pcx.c. This
    vulnerability might be leveraged by remote attackers to cause remote code
    execution or denial of service via a crafted PCX file.

CVE-2019-5052

    Integer overflow and subsequent buffer overflow in IMG_pcx.c. This
    vulnerability might be leveraged by remote attackers to cause remote code
    execution or denial of service via a crafted PCX file.

CVE-2019-7635

    Heap buffer overflow affecting Blit1to4, in IMG_bmp.c. This vulnerability
    might be leveraged by remote attackers to cause denial of service or any
    other unspecified impact via a crafted BMP file.

CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219,
CVE-2019-12220, CVE-2019-12221, CVE-2019-12222

    Multiple out-of-bound read and write accesses affecting IMG_LoadPCX_RW,
    in IMG_pcx.c. These vulnerabilities might be leveraged by remote
    attackers to cause denial of service or any other unspecified impact via
    a crafted PCX file.

For Debian 8 "Jessie", these problems have been fixed in version
1.2.12-5+deb9u2.

We recommend that you upgrade your sdl-image1.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity: Critical

Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201903-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: SDL2_Image: Multiple vulnerabilities
     Date: March 28, 2019
     Bugs: #655226, #674132
       ID: 201903-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the image loading library
for Simple DirectMedia Layer, the worst of which could result in the
remote execution of arbitrary code.

Background
==========

SDL_image is an image file library that loads images as SDL surfaces,
and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM,
TGA, TIFF, XCF, XPM, and XV.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/sdl2-image        < 2.0.4                    >= 2.0.4

Description
===========

Multiple vulnerabilities have been discovered in SDL2_Image. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker, by enticing a user to process a specially crafted
image file, could execute arbitrary code, cause a Denial of Service
condition, or obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All SDL2_Image users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/sdl2-image-2.0.4"

References
==========

[  1 ] CVE-2017-12122
       https://nvd.nist.gov/vuln/detail/CVE-2017-12122
[  2 ] CVE-2017-14440
       https://nvd.nist.gov/vuln/detail/CVE-2017-14440
[  3 ] CVE-2017-14441
       https://nvd.nist.gov/vuln/detail/CVE-2017-14441
[  4 ] CVE-2017-14442
       https://nvd.nist.gov/vuln/detail/CVE-2017-14442
[  5 ] CVE-2017-14448
       https://nvd.nist.gov/vuln/detail/CVE-2017-14448
[  6 ] CVE-2017-14449
       https://nvd.nist.gov/vuln/detail/CVE-2017-14449
[  7 ] CVE-2017-14450
       https://nvd.nist.gov/vuln/detail/CVE-2017-14450
[  8 ] CVE-2018-3837
       https://nvd.nist.gov/vuln/detail/CVE-2018-3837
[  9 ] CVE-2018-3838
       https://nvd.nist.gov/vuln/detail/CVE-2018-3838
[ 10 ] CVE-2018-3839
       https://nvd.nist.gov/vuln/detail/CVE-2018-3839
[ 11 ] CVE-2018-3977
       https://nvd.nist.gov/vuln/detail/CVE-2018-3977

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201903-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Security fix for CVE-2018-3977.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-70c2222171
2018-11-15 03:13:27.032173
--------------------------------------------------------------------------------

Name        : SDL2_image
Product     : Fedora 29
Version     : 2.0.4
Release     : 1.fc29
URL         : http://www.libsdl.org/projects/SDL_image/
Summary     : Image loading library for SDL
Description :
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library
designed to provide fast access to the graphics frame buffer and audio
device. This package contains a simple library for loading images of
various formats (BMP, PPM, PCX, GIF, JPEG, PNG) as SDL surfaces.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2018-3977
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  6 2018 Pete Walter - 2.0.4-1
- Update to 2.0.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1646575 - CVE-2018-3977 SDL2_image: code execution in the XCF image rendering functionality
        https://bugzilla.redhat.com/show_bug.cgi?id=1646575
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-70c2222171' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------