Explore top 10 tips to secure your open-source projects now. Read More
×
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change: upgrade hashbrown to 0.15 API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-04894ce9bd 2025-05-30 01:14:13.237137+00:00 -------------------------------------------------------------------------------- Name : rust-rusqlite Product : Fedora 42 Version : 0.31.0 Release : 6.fc42 URL : https://crates.io/crates/rusqlite Summary : Ergonomic wrapper for SQLite Description : Ergonomic wrapper for SQLite. -------------------------------------------------------------------------------- Update Information: Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change: upgrade hashbrown to 0.15 API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher from hashbrown so that in the future upgrading hashbrown is not an API incompatible change -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2025 Benjamin A. Beasley - 0.31.0-6 - Allow hashlink 0.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2331134 [ 2 ] Bug #2366571 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366571 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2025-04894ce9bd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to LibRaw 0.21.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-caed275f11 2025-04-29 20:37:25.511077+00:00 -------------------------------------------------------------------------------- Name : mingw-LibRaw Product : Fedora 42 Version : 0.21.4 Release : 1.fc42 URL : http://www.libraw.org Summary : Library for reading RAW files obtained from digital photo cameras Description : MinGW Windows LibRaw library. -------------------------------------------------------------------------------- Update Information: Update to LibRaw 0.21.4. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 16 2025 Sandro Mani - 0.21.4-1 - Update to 0.21.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2361338 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361338 [ 2 ] Bug #2361343 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2361343 [ 3 ] Bug #2361348 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361348 [ 4 ] Bug #2361356 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361356 [ 5 ] Bug #2361361 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2361361 [ 6 ] Bug #2361366 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in Input in LibRaw [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361366 [ 7 ] Bug #2361374 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function[fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361374 [ 8 ] Bug #2361379 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2361379 [ 9 ] Bug #2361384 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361384 [ 10 ] Bug #2361401 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361401 [ 11 ] Bug #2361406 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2361406 [ 12 ] Bug #2361411 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361411 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-caed275f11' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
A security vulnerability has been discovered in simgear, a collection of libraries for constructing simulation and visualization applications such as FlightGear. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4034-1
DPDK could be made to crash if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7178-1 December 19, 2024 dpdk vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: DPDK could be made to crash if it received specially crafted network traffic. Software Description: - dpdk: set of libraries for fast packet processing Details: It was discovered that DPDK incorrectly handled the Vhost library checksum offload feature. An malicious guest could possibly use this issue to cause the hypervisor's vSwitch to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 dpdk 23.11.2-0ubuntu1.1 Ubuntu 24.04 LTS dpdk 23.11-1ubuntu0.1 Ubuntu 22.04 LTS dpdk 21.11.6-0ubuntu0.22.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7178-1 CVE-2024-11614 Package Information: https://launchpad.net/ubuntu/+source/dpdk/23.11.2-0ubuntu1.1 https://launchpad.net/ubuntu/+source/dpdk/21.11.6-0ubuntu0.22.04.2 . Ubuntu Security Notice USN-7179-1 highlights vulnerabilities in OpenSSL due to specifically designed requests that could lead to service disruptions.. dpdk updates, Ubuntu security patches, network exploit details. . Severity: Critical. LinuxSecurity.com Team
Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281 ---- A new parallel-installable stb_image_resize2 library is added (stb_image_resize2-devel). It should provide significantly better performance; the API is similar but not compatible. The original stb_image_resize library is. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-def2f95af4 2023-11-03 18:20:20.957605 -------------------------------------------------------------------------------- Name : usd Product : Fedora 39 Version : 23.08 Release : 2.fc39 URL : https://openusd.org/release/index.html Summary : 3D VFX pipeline interchange file format Description : Universal Scene Description (USD) is a time-sampled scene description for interchange between graphics applications. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281 ---- A new parallel-installable stb_image_resize2 library is added (stb_image_resize2-devel). It should provide significantly better performance; the API is similar but not compatible. The original stb_image_resize library is deprecated by the author, but will continue to be packaged as stb_image_resize- devel for the foreseeable future. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 25 2023 Benjamin A. Beasley - 23.08-2 - Ensure stb_image contains the latest CVE patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #2246102 - CVE-2023-45661 stb: out of bounds read https://bugzilla.redhat.com/show_bug.cgi?id=2246102 [ 2 ] Bug #2246103 - CVE-2023-45662 stb: out of bounds read https://bugzilla.redhat.com/show_bug.cgi?id=2246103 [ 3 ] Bug #2246104 - CVE-2023-45663 stb: memory access violations https://bugzilla.redhat.com/show_bug.cgi?id=2246104 [ 4 ] Bug #2246105 - CVE-2023-45664 stb: memory access violations https://bugzilla.redhat.com/show_bug.cgi?id=2246105 [ 5 ] Bug #2246109 - CVE-2023-45666 stb: memory access violation https://bugzilla.redhat.com/show_bug.cgi?id=2246109 [ 6 ] Bug #2246110 - CVE-2023-45667 stb: memory access violation https://bugzilla.redhat.com/show_bug.cgi?id=2246110 [ 7 ] Bug #2246320 - CVE-2023-43281 stb: remote denial of service https://bugzilla.redhat.com/show_bug.cgi?id=2246320 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-def2f95af4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Upstream release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-5c7e48fd9c 2023-11-03 18:20:20.952150 -------------------------------------------------------------------------------- Name : libpano13 Product : Fedora 39 Version : 2.9.22 Release : 1.fc39 URL : Summary : Library for manipulating panoramic images Description : Helmut Dersch's Panorama Tools library. Provides very high quality manipulation, correction and stitching of panoramic photographs. -------------------------------------------------------------------------------- Update Information: Upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 11 2023 Bruno Postle - 2.9.22-1 - Upstream release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-5c7e48fd9c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Update to latest svn revision.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a8b26b910d 2023-09-06 01:18:36.084235 -------------------------------------------------------------------------------- Name : mingw-freeimage Product : Fedora 38 Version : 3.19.0 Release : 0.16.svn1909.fc38 URL : https://freeimage.sourceforge.io/ Summary : MinGW Windows freeimage library Description : MinGW Windows freeimage library. -------------------------------------------------------------------------------- Update Information: Update to latest svn revision. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 28 2023 Sandro Mani - 3.19.0-0.16.svn1889 - Update to r1909 * Thu Jul 20 2023 Fedora Release Engineering - 3.19.0-0.15.svn1889 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2235358 - CVE-2020-22524 freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235358 [ 2 ] Bug #2235359 - CVE-2020-22524 mingw-freeimage: freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235359 [ 3 ] Bug #2235406 - CVE-2020-21426 mingw-freeimage: freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235406 [ 4 ] Bug #2235407 - CVE-2020-21426 freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235407 [ 5 ] Bug #2235412 - CVE-2020-21427 mingw-freeimage: freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235412 [ 6 ] Bug #2235414 -CVE-2020-21427 freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235414 [ 7 ] Bug #2235417 - CVE-2020-21428 freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235417 [ 8 ] Bug #2235418 - CVE-2020-21428 mingw-freeimage: freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235418 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a8b26b910d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
- Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of- bounds accesses that result in crashes due to bounds checks which are included. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-1d0d71b6aa 2023-05-27 01:25:15.781100 --------------------------------------------------------------------------------Name : rust-nettle Product : Fedora 37 Version : 7.3.0 Release : 1.fc37 URL : Summary : Rust bindings for the Nettle cryptographic library Description : Rust bindings for the Nettle cryptographic library. --------------------------------------------------------------------------------Update Information: - Update the sequoia-openpgp crate to version 1.16.0. - Update the nettle crate to version 7.3.0. - Update the nettle-sys crate to version 2.2.0. - Update the buffered-reader crate to version 1.2.0. Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of-bounds accesses that result in crashes due to bounds checks which are included by default in Rust code. This update contains rebuilds of all applications that are based on sequoia-openpgp to address this issue. ---- Update to version 1.5.0. This release improves compatibility with the version of librnp that's bundled in recent versions of thunderbird. --------------------------------------------------------------------------------ChangeLog: * Wed May 17 2023 Fabio Valentini - 7.3.0-1 - Update to version 7.3.0; Fixes RHBZ#2207633 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2023-1d0d71b6aa' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.