Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 205 articles for you...
89

Fedora 44 LibTiff Critical Buffer Overflow DoS Vuln 2026-cfbf964c2e

updated to 4.7.2, fixes security issues. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cfbf964c2e 2026-07-18 00:26:14.273082+00:00 -------------------------------------------------------------------------------- Name : libtiff Product : Fedora 44 Version : 4.7.2 Release : 1.fc44 URL : http://www.simplesystems.org/libtiff/ Summary : Library of functions for manipulating TIFF format image files Description : The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. -------------------------------------------------------------------------------- Update Information: updated to 4.7.2, fixes security issues -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Michal Hlavinka - 4.7.2-1 - updated to 4.7.2 (#2496751) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2450771 - CVE-2026-4775 libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450771 [ 2 ] Bug #2494140 - CVE-2026-12912 libtiff: libtiff: Heap-based buffer overflow via crafted PixarLog-compressed TIFF image [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494140 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cfbf964c2e' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 44 updates libtiff to 4.7.2 addressing critical security issues related to code execution and DoS.. Fedora 44, libtiff, security update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Critical Fedora
217

Oracle Linux 10 ELSA-2026-19150 libtiff Important Signed Integer Overflow

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19150 http://linux.oracle.com/errata/ELSA-2026-19150.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libtiff-4.6.0-8.el10_2.1.x86_64.rpm libtiff-devel-4.6.0-8.el10_2.1.x86_64.rpm libtiff-tools-4.6.0-8.el10_2.1.x86_64.rpm aarch64: libtiff-4.6.0-8.el10_2.1.aarch64.rpm libtiff-devel-4.6.0-8.el10_2.1.aarch64.rpm libtiff-tools-4.6.0-8.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/libtiff-4.6.0-8.el10_2.1.src.rpm Related CVEs: CVE-2026-4775 Description of changes: [4.6.0-8.1] - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159310) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated rpms for Oracle Linux 10 include libtiff with important fixes to address a signed integer overflow.. Oracle Linux 10, libtiff, important advisory, security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Important Oracle
203

Mageia 10 libtiff Significant Denial of Service CVE-2026-36849

Security update. Publication date: 13 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0246.html Type: security Affected Mageia releases: 10 CVE: CVE-2026-36849 Description: The updated packages fix a security vulnerability: Denial of Service via large SamplesPerPixel tag. (CVE-2026-36849) References: - https://bugs.mageia.org/show_bug.cgi?id=35718 - https://www.openwall.com/lists/oss-security/2026/06/17/1 - https://gitlab.com/libtiff/libtiff/-/work_items/781 - https://www.cve.org/CVERecord?id=CVE-2026-36849 SRPMS: - 10/core/libtiff-4.7.2-1.mga10 . A security update in Mageia addresses the denial of service risk found in libtiff due to a large SamplesPerPixel tag.. Mageia Security Update, libtiff Denial of Service, CVE-2026-36849 Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Mageia
217

Oracle Linux 9 libtiff Important Buffer Overflow Fix ELSA-2026-19363

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19363 http://linux.oracle.com/errata/ELSA-2026-19363.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libtiff-4.4.0-18.el9_8.i686.rpm libtiff-4.4.0-18.el9_8.x86_64.rpm libtiff-devel-4.4.0-18.el9_8.i686.rpm libtiff-devel-4.4.0-18.el9_8.x86_64.rpm libtiff-tools-4.4.0-18.el9_8.x86_64.rpm aarch64: libtiff-4.4.0-18.el9_8.aarch64.rpm libtiff-devel-4.4.0-18.el9_8.aarch64.rpm libtiff-tools-4.4.0-18.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libtiff-4.4.0-18.el9_8.src.rpm Related CVEs: CVE-2026-4775 Description of changes: [4.4.0-18] - rebuild [4.4.0-15.3] - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159331) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2026-19363 fixes a buffer overflow in libtiff ensuring system integrity and stability.. Oracle Linux,ElsA-2026-19363,libtiff,buffer overflow,CVE-2026-4775. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Important Oracle
217

Oracle Linux 8 libtiff Important Signed Integer Overflow ELSA-2026-16055

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-16055 http://linux.oracle.com/errata/ELSA-2026-16055.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libtiff-4.0.9-37.el8_10.i686.rpm libtiff-4.0.9-37.el8_10.x86_64.rpm libtiff-devel-4.0.9-37.el8_10.i686.rpm libtiff-devel-4.0.9-37.el8_10.x86_64.rpm libtiff-tools-4.0.9-37.el8_10.x86_64.rpm aarch64: libtiff-4.0.9-37.el8_10.aarch64.rpm libtiff-devel-4.0.9-37.el8_10.aarch64.rpm libtiff-tools-4.0.9-37.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libtiff-4.0.9-37.el8_10.src.rpm Related CVEs: CVE-2026-4775 Description of changes: [4.0.9-37] - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile (RHEL-159316) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 addresses an important signed integer overflow in libtiff with updated rpms to enhance system security.. Oracle Linux libtiff Integer Overflow Update Important. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 14, 2026 Important Oracle
219

Ubuntu Server 22.04 libjpeg Security Advisory USN-2026-34567 Warning

Important: libtiff security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:16055", "synopsis": "Important: libtiff security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libtiff.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2450768", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "description": ""}], "cves": [{"name": "CVE-2026-4775", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-13T06:00:58.478905Z", "rpms": {"Rocky Linux 8": {"nvras": ["libtiff-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-0:4.0.9-37.el8_10.i686.rpm", "libtiff-0:4.0.9-37.el8_10.src.rpm", "libtiff-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-debuginfo-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-debuginfo-0:4.0.9-37.el8_10.i686.rpm", "libtiff-debuginfo-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-debugsource-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-debugsource-0:4.0.9-37.el8_10.i686.rpm", "libtiff-debugsource-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-devel-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-devel-0:4.0.9-37.el8_10.i686.rpm","libtiff-devel-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-tools-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-tools-0:4.0.9-37.el8_10.x86_64.rpm", "libtiff-tools-debuginfo-0:4.0.9-37.el8_10.aarch64.rpm", "libtiff-tools-debuginfo-0:4.0.9-37.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 8 libtiff security update released for important issues, addressing arbitrary code execution and DoS threats.. libtiff security update, Rocky Linux 8 advisory, important security fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 13, 2026 Important Rocky Linux
203

Mageia 9 libtiff Important Code Exec Denial of Service MGASA-2026-0114

MGASA-2026-0114 - Updated libtiff packages fix security vulnerability. MGASA-2026-0114 - Updated libtiff packages fix security vulnerability Publication date: 07 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0114.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-4775 Description: Arbitrary code execution or denial of service via signed integer overflow in tiff file processing. (CVE-2026-4775) References: - https://bugs.mageia.org/show_bug.cgi?id=35340 - https://lwn.net/Articles/1066930/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775 SRPMS: - 9/core/libtiff-4.5.1-1.8.mga9 . Arbitrary code execution or denial of service vulnerability fixed in Mageia 9 libtiff update. Enhanced security measures.. Mageia Security Update, LibTiff Advisory, Denial of Service Mageia, Code Execution Vulnerability, Mageia 9 Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 07, 2026 Important Mageia
219

Rocky Linux 10 RLSA-2026-67890 libjpeg Immediate Security Update Issued

Important: libtiff security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:12265", "synopsis": "Important: libtiff security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libtiff.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing (CVE-2026-4775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2450768", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2450768", "description": ""}], "cves": [{"name": "CVE-2026-4775", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-01T12:06:42.394267Z", "rpms": {"Rocky Linux 10": {"nvras": ["libtiff-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-0:4.6.0-6.el10_1.3.src.rpm","libtiff-tools-debuginfo-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.ppc64le.rpm", "libtiff-tools-0:4.6.0-6.el10_1.3.s390x.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.x86_64.rpm", "libtiff-debuginfo-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-debugsource-0:4.6.0-6.el10_1.3.aarch64.rpm", "libtiff-devel-0:4.6.0-6.el10_1.3.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update on Rocky Linux 10 libtiff impacting security with denial of service potential. Important fix needed.. Rocky Linux libtiff security update, denial of service exploit, important security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 01, 2026 Important Rocky Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200