openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2026:0144-1
Rating:             important
References:         #1261157 #1261488
Cross-References:   CVE-2026-35537
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for roundcubemail fixes the following issues:

- update to 1.6.15
  This is a security update to the stable version 1.6 of Roundcube Webmail.
  It provides fixes to some regressions introduced in the previous release as
  well as a recently reported security vulnerability: SVG Animate FUNCIRI
  Attribute Bypass - Remote Image Loading via fill/filter/stroke, reported by
  class_nzm.
  This version is considered stable and we recommend updating all productive
  installations of Roundcube 1.6.x with it. Please do back up your data before
  updating!
  + Fix regression where mail search would fail on non-ascii search criteria (#10121)
  + Fix regression where some data url images could get ignored/lost (#10128)
  + Fix SVG Animate FUNCIRI Attribute Bypass - Remote Image Loading via fill/filter/stroke (boo#1261157)
- update to 1.6.14
  This is a security update to the stable version 1.6 of Roundcube Webmail.
  + Fix Postgres connection using IPv6 address (#10104)
  + Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler (boo#1261488, CVE-2026-35537)
  + Security: Fix bug where a password could get changed without providing the old password
  + Security: Fix IMAP Injection + CSRF bypass in mail search
  + Security: Fix remote image blocking bypass via various SVG animate attributes
  + Security: Fix remote image blocking bypass via a crafted body background attribute
  + Security: Fix fixed position mitigation bypass via use of !important
  + Security: Fix XSS issue in an HTML attachment preview
  + Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2026-144=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):
  roundcubemail-1.6.15-bp156.2.15.1

References:

https://www.suse.com/security/cve/CVE-2026-35537.html
https://bugzilla.suse.com/1261157
https://bugzilla.suse.com/1261488

Severity: Important.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f0bec53a1d
2025-08-03 01:14:05.386507+00:00
--------------------------------------------------------------------------------

Name        : gdk-pixbuf2
Product     : Fedora 42
Version     : 2.42.12
Release     : 12.fc42
URL         :
Summary     : An image loading library
Description :
gdk-pixbuf is an image loading library that can be extended by loadable
modules for new image formats. It is used by toolkits such as GTK+ or
clutter.
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2025-7345 and CVE-2025-6199.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 31 2025 Marek Kasik - 2.42.12-12
- jpeg: Be more careful with chunked icc data
* Thu Jul 31 2025 Marek Kasik - 2.42.12-11
- lzw: Fix reporting of bytes written in decoder
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2373147 - CVE-2025-6199 gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder
        https://bugzilla.redhat.com/show_bug.cgi?id=2373147
  [ 2 ] Bug #2377063 - CVE-2025-7345 gdk-pixbuf: Heap-buffer-overflow in gdk-pixbuf
        https://bugzilla.redhat.com/show_bug.cgi?id=2377063
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f0bec53a1d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Severity: Critical.
Memory disclosure has been fixed in the GIF LZW Decoder of the GdkPixbuf image
loading library. For Debian 11 bullseye, this problem has been fixed in version .

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4225-1
# Security update for gdk-pixbuf

Announcement ID: SUSE-SU-2025:20217-1
Release Date: 2025-05-06T10:27:07Z
Rating: moderate
References:

* bsc#1219276
* bsc#1223903

Cross-References:

* CVE-2022-48622

CVSS scores:

* CVE-2022-48622 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-48622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for gdk-pixbuf fixes the following issues:

Update to version 2.42.12:

* Fix a build failure,
* Fix occasional build failures,
* ani: Reject files with multiple INA or IART chunks,
* ani: Reject files with multiple anih chunks (CVE-2022-48622 bsc#1219276),
* ani: validate chunk size,
* Updated translations.
* Enable other image loaders (most notably needed seems xpm,xbm). (boo#1223903, glgo#GNOME/gdk-pixbuf!169).

Update to version 2.42.11:

* Disable fringe loaders by default.
* Introspection fixes.
* Updated translations.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-310=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-1.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-1.1
  * gdk-pixbuf-debugsource-2.42.12-1.1
  * libgdk_pixbuf-2_0-0-2.42.12-1.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-1.1
  * gdk-pixbuf-query-loaders-2.42.12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219276
* https://bugzilla.suse.com/show_bug.cgi?id=1223903
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-04877592b7
2024-02-10 01:24:59.648730
--------------------------------------------------------------------------------

Name        : rust-linux-loader
Product     : Fedora 39
Version     : 0.11.0
Release     : 1.fc39
URL         :
Summary     : Linux kernel image loading crate
Description :
A Linux kernel image loading crate.
--------------------------------------------------------------------------------
Update Information:

Update rust-vmm components and their consumers to address CVE-2023-50711
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 28 2024 David Michael - 0.11.0-1
- Update to version 0.11.0 (fedora#2259672)
* Fri Jan 26 2024 Fedora Release Engineering - 0.10.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 9 2024 David Michael - 0.10.0-2
- Bump vm-memory to 0.14 for CVE-2023-50711
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-04877592b7' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Package        : libsdl2-image
Version        : 2.0.0+dfsg-3+deb8u2
CVE ID         : CVE-2018-3977 CVE-2019-5052 CVE-2019-7635 CVE-2019-12216
                 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220
                 CVE-2019-12221 CVE-2019-12222
Debian Bug     : 932754, 932755

The following issues have been found in libsdl2-image, the image file loading
library.

CVE-2018-3977

    Heap buffer overflow in IMG_xcf.c. This vulnerability might be leveraged
    by remote attackers to cause remote code execution or denial of service
    via a crafted XCF file.

CVE-2019-5052

    Integer overflow and subsequent buffer overflow in IMG_pcx.c. This
    vulnerability might be leveraged by remote attackers to cause remote code
    execution or denial of service via a crafted PCX file.

CVE-2019-7635

    Heap buffer overflow affecting Blit1to4, in IMG_bmp.c. This vulnerability
    might be leveraged by remote attackers to cause denial of service or any
    other unspecified impact via a crafted BMP file.

CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219,
CVE-2019-12220, CVE-2019-12221, CVE-2019-12222

    Multiple out-of-bound read and write accesses affecting IMG_LoadPCX_RW,
    in IMG_pcx.c. These vulnerabilities might be leveraged by remote attackers
    to cause denial of service or any other unspecified impact via a crafted
    PCX file.

For Debian 8 "Jessie", these problems have been fixed in version
2.0.0+dfsg-3+deb8u2.

We recommend that you upgrade your libsdl2-image packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity: Important.
Multiple vulnerabilities have been discovered in the image loading library for
Simple DirectMedia Layer 2, which could result in denial of service or the
execution of arbitrary code if malformed image files are opened.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4177-1
Hash: SHA256

Package        : sdl-image1.2
Version        : 1.2.12-2+deb7u1
CVE ID         : CVE-2017-2887
Debian Bug     : #878267

It was discovered that there was a buffer overflow vulnerability in
sdl-image1.2, an image loading library. A specially crafted .xcf file could
cause a stack-based buffer overflow resulting in potential code execution.

For Debian 7 "Wheezy", this issue has been fixed in sdl-image1.2 version
1.2.12-2+deb7u1.

We recommend that you upgrade your sdl-image1.2 packages.

Regards,

- --
      ,'`.
     : :' :     Chris Lamb
     `. `'`