Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
89
security advisorydenial of servicefedoraFedora 44 Siril Security Advisory on CVE-2026-5318 and CVE-2026-5342
LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-bef0050737 2026-04-13 21:06:00.498961+00:00 -------------------------------------------------------------------------------- Name : siril Product : Fedora 44 Version : 1.4.2 Release : 3.fc44 URL : https://siril.org Summary : Astronomical image processing software Description : Siril is an image processing tool specially tailored for noise reduction and improving the signal/noise ratio of an image from multiple captures, as required in astronomy. Siril can align automatically or manually, stack and enhance pictures from various file formats, even images sequences (movies and SER files) -------------------------------------------------------------------------------- Update Information: LibRaw 0.22.1 and rebuilds Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0) IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0) ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0) bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0, 3.0.17.0) heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64 #5095 (by Brecht Van Lommel) ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0, 3.0.17.0) jpeg: Improved safety and error reporting for jpeg and iptc #5081 jpeg2000: Suppress leak when reading with OpenJPH #5098 psd: Fixes against corrupt files with better validation #5089(3.1.12.0, 3.0.17.0) rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0) tiff: Support GPS fields, and other metadata enhancements #5050 tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of values passed to invert_photometric #5083, check for invalid bit depth in palette images #5091 ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0) fix: Fix UB-sanitizer warning about alignment #5097 fix: Catch exceptions in print-uncaught-messages destructor #5103 fix: Enhanced exception safety for our use of OpenColorIO #5114 fix: Fix possible fmt exceptions where we might have passed null string #5115 build: Test building with clang 22.1, fix warnings uncovered #5067 build: Improve security by pinning auto-build dependencies by hash #5076 build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0) build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058 build(win): Embed manifest in OIIO executables to enable long path handling #5066 (by Nathan Rusch) ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0) ci: For security, replace workflow substitutions with safer env substitutions #5070 ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077 ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0, 3.0.17.0) ci: Bump GitHub Actions to latest versions #5078 #5110 #5119 ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100 #5101 (3.1.12.0, 3.0.17.0) ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0) ci: Turn off nightly workflows for user forks #5042 tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075 #5079 #5099 #5112 docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza) docs: Fix formatting examples for version macros #5073 docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0) docs: Fix typos and incorrect attribute name in acomment #5093 (3.1.12.0, 3.0.17.0) docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0) admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0) ci: Freetype adjustments #4999 Update to 5.1 (#2451401) Update to 5.0 (#2447841) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2026 Gwyn Ciesla - 1.4.2-3 - Libraw rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2447841 - swayimg-.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2447841 [ 2 ] Bug #2451401 - swayimg-5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451401 [ 3 ] Bug #2454235 - CVE-2026-5318 LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454235 [ 4 ] Bug #2454464 - CVE-2026-5342 LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454464 [ 5 ] Bug #2455346 - LibRaw-0.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2455346 [ 6 ] Bug #2456557 - CVE-2026-20884 LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456557 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bef0050737' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 13, 2026
•Important
Fedora
89
security advisoryfedoraDoSFedora 42 node-exporter 1.10.2 Critical Update Fix DoS Issues
Update to 1.10.2 Update was blocked by a ppc64 issue, but a workaround has been found.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-126cd91d11 2026-02-09 01:11:14.394467+00:00 -------------------------------------------------------------------------------- Name : node-exporter Product : Fedora 42 Version : 1.10.2 Release : 3.fc42 URL : https://github.com/prometheus/node_exporter Summary : Exporter for machine metrics Description : Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. -------------------------------------------------------------------------------- Update Information: Update to 1.10.2 Update was blocked by a ppc64 issue, but a workaround has been found. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 30 2026 Alejandro Sez - 1.10.2-3 - Fix race condition * Fri Jan 16 2026 Fedora Release Engineering - 1.10.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Dec 4 2025 Mikel Olasagasti Uranga - 1.10.2-1 - Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804 rhbz#2410754 rhbz#2411650 * Fri Oct 10 2025 Alejandro Sez - 1.9.1-4 - rebuild * Fri Aug 15 2025 Maxwell G - 1.9.1-3 - Rebuild for golang-1.25.0 * Thu Jul 24 2025 Fedora Release Engineering - 1.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398866 - CVE-2025-47910 node-exporter: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398866 [ 2 ] Bug #2399538 - CVE-2025-47906 node-exporter: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399538 [ 3 ] Bug #2408076 - CVE-2025-58189 node-exporter: go crypto/tls ALPNnegotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408076 [ 4 ] Bug #2409546 - CVE-2025-61723 node-exporter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409546 [ 5 ] Bug #2410497 - CVE-2025-58185 node-exporter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410497 [ 6 ] Bug #2411395 - CVE-2025-58188 node-exporter: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411395 [ 7 ] Bug #2424021 - [Minor Incident] CVE-2025-52881 node-exporter: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2424021 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-126cd91d11' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update details for Fedora's node-exporter 1.10.2, including bug fixes and workaround for ppc64 issue.. node-exporter security update Fedora 42. . Severity: Important. LinuxSecurity.com Team
Feb 09, 2026
•Important
Fedora
89
security advisorydata protectionFedoraFedora 24 Security Advisory: Globus GASS Cache Program Update
globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-5f8ebbd2b1 2017-07-03 18:56:27.414469 --------------------------------------------------------------------------------Name : globus-gass-cache-program Product : Fedora 24 Version : 6.7 Release : 1.fc24 URL : http://toolkit.globus.org/ Summary : Globus Toolkit - Tools to manipulate local and remote GASS caches Description : The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for their cause. The globus-gass-cache-program package contains: Tools to manipulate local and remote GASS caches --------------------------------------------------------------------------------Update Information: globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public handle (9.26) * Prevent some race conditions (9.27) globus-gram-job-manager * Default to running personal gatekeeper on an ephemeral port globus-gridftp-server * New error message format (12.0) * Configuration database (12.0) * Better delay for end ofsession ref check (12.1) * Fix tests when getgroups() does not return effective gid (12.2) globus-gssapi-gsi * Don't unlock unlocked mutex (12.14) * Remove legacy SSLv3 support (12.15) * Test fixes (12.16) * Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14) globus-io * Remove legacy SSLv3 support globus-net-manager * Fix .pc typo * Drop patch globus-net-manager-pkgconfig.patch (fixed upstream) globus-xio * Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15) * Fix crash in error handling in http driver (5.16) globus-xio-gsi-driver * Fix crash when checking for anonymous GSS name when name comparison fails globus-xio-pipe-driver * Fix .pc typo globus-xio-udt-driver * Don't force --static flag to pkg-config * Drop some BuildRequires no longer needed with above change * Fix undefined symbols during linking myproxy * Fix error check (6.1.26) * Remove legacy SSLv3 support (6.1.27) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade globus-gass-cache-program' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 04, 2017
•Important
Fedora
89
security advisoryupdatecriticalFedora 23 OpenVPN Update FEDORA-2016-e91ca003d4 Critical Improvement
. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-e91ca003d4 2016-01-05 18:28:21.528684 -------------------------------------------------------------------------------- Name : openvpn Product : Fedora 23 Version : 2.3.10 Release : 1.fc23 URL : https://openvpn.net/ Summary : A full-featured SSL VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression. -------------------------------------------------------------------------------- Update Information: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openvpn' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Jan 05, 2016
•Critical
Fedora
89
security advisorysoftware updateFedora Core 4Fedora Core 4: mtr Update 0.71-0.FC4.1 Critical Network Tool Fix
Updated package.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-226 2006-03-27 ---------------------------------------------------------------------Product : Fedora Core 4 Name : mtr Version : 0.71 Release : 0.FC4.1 Summary : A network diagnostic tool. Description : Mtr is a network diagnostic tool that combines ping and traceroute into one program. Mtr provides two interfaces: an ncurses interface, useful for using Mtr from a telnet session; and a GTK+ interface for X (provided in the mtr-gtk package). ---------------------------------------------------------------------* Mon Mar 27 2006 Miroslav Lichvar - 2:0.71-0.FC4.1 - update to mtr-0.71 (fixes #162029, #165339) ---------------------------------------------------------------------This update can be downloaded from: b068a80943de18fe01fba49403c171b0a9bc7578 SRPMS/mtr-0.71-0.FC4.1.src.rpm 0b2484a42cad4a86fc990e8eb1ca0b5ba8baa07d ppc/mtr-0.71-0.FC4.1.ppc.rpm b74ee64188f42502e4a2c4f6b315cfa4e4a5c44a ppc/mtr-gtk-0.71-0.FC4.1.ppc.rpm 068c211ce3eca9c415281798dc677bcc7255cb2d ppc/debug/mtr-debuginfo-0.71-0.FC4.1.ppc.rpm 34b15276d0d804c823c737a48047325b7503a74c x86_64/mtr-0.71-0.FC4.1.x86_64.rpm 46a57a129920f878f724f7a53ec11e1aae7cdfad x86_64/mtr-gtk-0.71-0.FC4.1.x86_64.rpm 89addcbcdc49de3f1f4087b278ece5fba02894c8 x86_64/debug/mtr-debuginfo-0.71-0.FC4.1.x86_64.rpm e72d434c12ca0f5b20b6451c9d27ca5019e62564 i386/mtr-0.71-0.FC4.1.i386.rpm d9d805adedc81079ca7a20543b3d670c463e3d7a i386/mtr-gtk-0.71-0.FC4.1.i386.rpm d068fa52419b5003b7c314019a5f9eee6a6e83a8 i386/debug/mtr-debuginfo-0.71-0.FC4.1.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailinglist
Mar 27, 2006
•Critical
Fedora
89
security advisoryupdateFedoraFedora: 2005-974 Important: Lvm2 Update Enhancements and Fixes
Updated packages.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-383 2005-05-23 ---------------------------------------------------------------------Product : Fedora Core 3 Name : dmraid Version : 1.0.0.rc8 Release : FC3_2 Summary : dmraid (Device-mapper RAID tool and library) Description : DMRAID supports RAID device discovery, RAID set activation and display of properties for ATARAID on Linux > = 2.4 using device-mapper. ---------------------------------------------------------------------* Fri May 20 2005 Heinz Mauelshagen 1.0.0.rc8-FC4_2 - specfile change to build static and dynamic binray into one package * Thu May 19 2005 Heinz Mauelshagen 1.0.0.rc8-FC4_1 - nv.c: fixed stripe size - sil.c: avoid incarnation_no in name creation, because the Windows driver changes it every time - added --ignorelocking option to avoid taking out locks in early boot where no read/write access to /var is given * Wed Mar 16 2005 Elliot Lee - rebuilt * Tue Mar 15 2005 Heinz Mauelshagen 1.0.0.rc6.1-4_FC4 - VIA metadata format handler - added RAID10 to lsi metadata format handler - "dmraid -rD": file device size into {devicename}_{formatname}.size - "dmraid -tay": pretty print multi-line tables ala "dmsetup table" - "dmraid -l": display supported RAID levels + manual update - _sil_read() used LOG_NOTICE rather than LOG_INFO in order to avoid messages about valid metadata areas being displayed during "dmraid -vay". - isw, sil filed metadata offset on "-r -D" in sectors rather than in bytes. - isw needed dev_sort() to sort RAID devices in sets correctly. - pdc metadata format handler name creation. Lead to wrong RAID set grouping logic in some configurations. - pdc RAID1 size calculation fixed (rc6.1) - dos.c: partition table code fixes by Paul Moore - _free_dev_pointers(): fixed potential OOB error - hpt37x_check: deal with raid_disks = 1 in mirror sets - pdc_check: status & 0x80doesn't always show a failed device; removed that check for now. Status definitions needed. - sil addition of RAID sets to global list of sets - sil spare device memory leak - group_set(): removal of RAID set in case of error - hpt37x: handle total_secs > device size - allow -p with -f - enhanced error message by checking target type against list of registered target types * Fri Jan 21 2005 Alasdair Kergon 1.0.0.rc5f-2 - Rebuild to pick up new libdevmapper. ---------------------------------------------------------------------This update can be downloaded from: b34a910ff039dab28774115aaa5b57d0 SRPMS/dmraid-1.0.0.rc8-FC3_2.src.rpm 226e14ef402e82606a21ddde2ea31caf x86_64/dmraid-1.0.0.rc8-FC3_2.i386.rpm 226e14ef402e82606a21ddde2ea31caf i386/dmraid-1.0.0.rc8-FC3_2.i386.rpm a7644c419121f1fd46b3dff6e0134e61 i386/debug/dmraid-debuginfo-1.0.0.rc8-FC3_2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
May 23, 2005
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!