--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7acc0ad1fc
2026-04-25 01:21:36.173020+00:00
--------------------------------------------------------------------------------

Name        : pie
Product     : Fedora 44
Version     : 1.4.1
Release     : 1.fc44
URL         : https://github.com/php/pie
Summary     : PHP Installer for Extensions
Description :
PIE (PHP Installer for Extensions).
PIE can install an extension to any installed PHP version.
A list of extensions that support PIE can be found on
https://packagist.org/extensions.
Documentation: /usr/share/doc/pie/docs/usage.md

--------------------------------------------------------------------------------
Update Information:

Version 1.4.1
- Update bundled Composer to 2.9.7

Version 1.4.0
New features!
- Prompt to install missing system dependencies
- Prompt to install build toolchain
- Support pre-packaged-binary for download-url-method
- Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream announcement
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Remi Collet - 1.4.1-1
- update to 1.4.1
* Wed Apr 8 2026 Remi Collet - 1.4.0-1
- update to 1.4.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7acc0ad1fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6f07616b52
2025-02-13 02:00:53.381620+00:00
--------------------------------------------------------------------------------

Name        : rust-coreos-installer
Product     : Fedora 40
Version     : 0.23.0
Release     : 2.fc40
URL         : https://crates.io/crates/coreos-installer
Summary     : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).

--------------------------------------------------------------------------------
Update Information:

Update the openssl crate to version 0.10.70 and the openssl-sys crate to version
0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and rebuilds
of all packages that statically link the openssl crate.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 6 2025 Fabio Valentini - 0.23.0-2
- Rebuild for openssl crate >= v0.10.70 (RUSTSEC-2025-0004)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2343478 - CVE-2025-0977 rust-openssl: ssl::select_next_proto use after free [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2343478
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6f07616b52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f8be7978e3
2025-02-08 02:15:29.328151+00:00
--------------------------------------------------------------------------------

Name        : rust-coreos-installer
Product     : Fedora 41
Version     : 0.23.0
Release     : 2.fc41
URL         : https://crates.io/crates/coreos-installer
Summary     : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).

--------------------------------------------------------------------------------
Update Information:

Update the openssl crate to version 0.10.70 and the openssl-sys crate to version
0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and rebuilds
of all packages that statically link the openssl crate.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 6 2025 Fabio Valentini - 0.23.0-2
- Rebuild for openssl crate >= v0.10.70 (RUSTSEC-2025-0004)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2343479 - CVE-2025-0977 rust-openssl: ssl::select_next_proto use after free [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2343479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f8be7978e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-40ee18b2e7
2024-06-02 03:36:56.060441
--------------------------------------------------------------------------------

Name        : rust-coreos-installer
Product     : Fedora 39
Version     : 0.21.0
Release     : 3.fc39
URL         :
Summary     : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).

--------------------------------------------------------------------------------
Update Information:

This update contains builds from a mini-mass-rebuild for Rust applications (and
some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix
incomplete debug information for the Rust standard library (and the resulting
low-quality stack traces). Additionally, builds will have picked up fixes for
some minor low-priority security and / or safety fixes in crate dependencies
that had not yet been handled via a separate (targeted) rebuild:

- h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html
- glib v0.19.4+ and backports (UB): core/pull/1343
- hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511
- rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 23 2024 Fabio Valentini - 0.21.0-3
- Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces.
* Sat Mar 30 2024 Fabio Valentini - 0.21.0-2
- Relax too-strict dependencies to fix building with clap v4.5
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-40ee18b2e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

# Security update for python-Pillow

Announcement ID: SUSE-SU-2023:4631-1
Rating: important

References:

  * bsc#1216894

Cross-References:

  * CVE-2023-44271

CVSS scores:

  * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * HPE Helion OpenStack 8
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE OpenStack Cloud 8
  * SUSE OpenStack Cloud Crowbar 8

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Pillow fixes the following issues:

  * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE OpenStack Cloud Crowbar 8
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4631=1
  * HPE Helion OpenStack 8
    zypper in -t patch HPE-Helion-OpenStack-8-2023-4631=1
  * SUSE OpenStack Cloud 8
    zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4631=1

## Package List:

  * SUSE OpenStack Cloud Crowbar 8 (x86_64)
    * python-Pillow-debuginfo-4.2.1-3.23.2
    * python-Pillow-4.2.1-3.23.2
    * python-Pillow-debugsource-4.2.1-3.23.2
  * HPE Helion OpenStack 8 (x86_64)
    * python-Pillow-debuginfo-4.2.1-3.23.2
    * python-Pillow-4.2.1-3.23.2
    * python-Pillow-debugsource-4.2.1-3.23.2
  * SUSE OpenStack Cloud 8 (x86_64)
    * python-Pillow-debuginfo-4.2.1-3.23.2
    * python-Pillow-4.2.1-3.23.2
    * python-Pillow-debugsource-4.2.1-3.23.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-44271.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1216894

Critical fix for python-Pillow addresses a significant resource dispute affecting various OpenSUSE iterations. Severity: Important. LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-37ae269843
2023-05-18 00:49:56.087782
--------------------------------------------------------------------------------

Name        : rust-coreos-installer
Product     : Fedora 37
Version     : 0.17.0
Release     : 2.fc37
URL         :
Summary     : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).

--------------------------------------------------------------------------------
Update Information:

Recent updates for the `tokio`, `h2`, and `openssl` crates addressed some
(potential or confirmed) security or soundness issues:

- `tokio`: [RUSTSEC-2023-0005](https://rustsec.org/advisories/RUSTSEC-2023-0005.html)
- `h2`: [RUSTSEC-2023-0034](https://rustsec.org/advisories/RUSTSEC-2023-0034.html) / [CVE-2023-26964](https://nvd.nist.gov/vuln/detail/CVE-2023-26964)
- `openssl`: [RUSTSEC-2023-0022](https://rustsec.org/advisories/RUSTSEC-2023-0022.html), [RUSTSEC-2023-0023](https://rustsec.org/advisories/RUSTSEC-2023-0023.html), [RUSTSEC-2023-0024](https://rustsec.org/advisories/RUSTSEC-2023-0024.html)

This update contains rebuilds of all affected applications against the latest
versions of these crates, which have addressed all linked issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 3 2023 Fabio Valentini - 0.17.0-2
- Rebuild for tokio, h2, and openssl crate security updates
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-37ae269843' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-449a2bdaf3
2021-10-20 19:26:10.134714
--------------------------------------------------------------------------------

Name        : rust-coreos-installer
Product     : Fedora 33
Version     : 0.10.1
Release     : 2.fc33
URL         :
Summary     : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).

--------------------------------------------------------------------------------
Update Information:

[New upstream release](https://github.com/coreos/coreos-installer/releases/tag/v0.10.1)
fixing CVE-2021-20319.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 12 2021 Benjamin Gilbert - 0.10.1-2
- Rebuild for F33 bump
* Mon Oct 11 2021 Benjamin Gilbert - 0.10.1-1
- New release
* Tue Sep 14 2021 Sahana Prasad - 0.10.0-3
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 17 2021 Dusty Mabe - 0.10.0-2
- Add F36 signing key
* Wed Aug 4 2021 Jonathan Lebon - 0.10.0-1
- New release
* Fri Jul 23 2021 Fedora Release Engineering - 0.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jul 13 2021 Jonathan Lebon - 0.9.1-2
- Backport "install: restrict access permissions on /boot/ignition{,/config.ign}"
  https://github.com/coreos/coreos-installer/pull/571
* Mon May 17 2021 Sohan Kunkerkar - 0.9.1-1
- New release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2011862 - CVE-2021-20319 coreos-installer: incorrect signature verification on gzip-compressed install images
        https://bugzilla.redhat.com/show_bug.cgi?id=2011862
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-449a2bdaf3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3d52eb54ca
2021-10-20 19:22:32.242141
--------------------------------------------------------------------------------

Name        : rust-coreos-installer
Product     : Fedora 34
Version     : 0.10.1
Release     : 1.fc34
URL         :
Summary     : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).

--------------------------------------------------------------------------------
Update Information:

[New upstream release](https://github.com/coreos/coreos-installer/releases/tag/v0.10.1)
fixing CVE-2021-20319.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 11 2021 Benjamin Gilbert - 0.10.1-1
- New release
* Tue Sep 14 2021 Sahana Prasad - 0.10.0-3
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2011862 - CVE-2021-20319 coreos-installer: incorrect signature verification on gzip-compressed install images
        https://bugzilla.redhat.com/show_bug.cgi?id=2011862
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-3d52eb54ca' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------