
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Leap 16.0 Cairo Low Poppler Crash Vuln 2026-20697-1

openSUSE security update: security update for cairo

Announcement ID: openSUSE-SU-2026:20697-1
Rating: low
References:
* bsc#1247589
Cross-References:
* CVE-2025-50422
Affected Products: openSUSE Leap 16.0

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for cairo fixes the following issue:

- CVE-2025-50422: Poppler crash on malformed input (bsc#1247589).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-716=1

Package List:

- openSUSE Leap 16.0:
  cairo-devel-1.18.4-160000.3.1
  cairo-tools-1.18.4-160000.3.1
  libcairo-gobject2-1.18.4-160000.3.1
  libcairo-script-interpreter2-1.18.4-160000.3.1
  libcairo2-1.18.4-160000.3.1

References:
* https://www.suse.com/security/cve/CVE-2025-50422.html

This openSUSE advisory addresses a low-severity issue with cairo, providing installation instructions and details on the fix.

openSUSE security low Cairo update.

Severity: Low. LinuxSecurity.com Team

May 08, 2026 Low OpenSUSE

SUSE: Cairo Low Severity Malformed Input Fix 2025:03449-1

# Security update for cairo

Announcement ID: SUSE-SU-2025:03449-1
Release Date: 2025-10-02T07:15:33Z
Rating: low
References:
* bsc#1247589
Cross-References:
* CVE-2025-50422
CVSS scores:
* CVE-2025-50422 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-50422 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-50422 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for cairo fixes the following issues:

* CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589)
* Update to version 1.18.4:
* The dependency on LZO has been made optional through a build time configuration toggle.
* You can build Cairo against a Freetype installation that does not have the FT_Color type.
* Cairo tests now build on Solaris 11.4 with GCC 14.
* The DirectWrite backend now builds on MINGW 11.
* The DirectWrite backend now supports font variations and proper glyph coverage.
* Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest.
* Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature.
* Convert to source service: allows for easier upgrades by the GNOME team.
* Update to version 1.18.2:
* The malloc-stats code has been removed from the tests directory
* Cairo now requires a version of pixman equal to, or newer than, 0.40.
* There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7.
* PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case.
* Both stroke and fill colors are now set when showing glyphs on a PDF surface.
* All the font options are copied when creating a fallback font object.
* When drawing text on macOS, Cairo now tries harder to select the appropriate font name.
* Cairo now prefers the COLRv1 table inside a font, if one is available.
* Cairo requires a C11 toolchain when building.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3449=1 SUSE-2025-3449=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3449=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3449=1
* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3449=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3449=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libcairo-script-interpreter2-debuginfo-1.18.4-150600.3.3.1
  * libcairo2-1.18.4-150600.3.3.1
  * libcairo-gobject2-1.18.4-150600.3.3.1
  * libcairo-script-interpreter2-1.18.4-150600.3.3.1
  * cairo-devel-1.18.4-150600.3.3.1
  * libcairo2-debuginfo-1.18.4-150600.3.3.1
  * cairo-tools-1.18.4-150600.3.3.1
  * libcairo-gobject2-debuginfo-1.18.4-150600.3.3.1
  * cairo-debugsource-1.18.4-150600.3.3.1
  * cairo-tools-debuginfo-1.18.4-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
  * libcairo-gobject2-32bit-debuginfo-1.18.4-150600.3.3.1
  * libcairo-script-interpreter2-32bit-debuginfo-1.18.4-150600.3.3.1
  * libcairo2-32bit-1.18.4-150600.3.3.1
  * libcairo2-32bit-debuginfo-1.18.4-150600.3.3.1
  * cairo-devel-32bit-1.18.4-150600.3.3.1
  * libcairo-gobject2-32bit-1.18.4-150600.3.3.1
  * libcairo-script-interpreter2-32bit-1.18.4-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libcairo-script-interpreter2-64bit-1.18.4-150600.3.3.1
  * libcairo-gobject2-64bit-debuginfo-1.18.4-150600.3.3.1
  * libcairo-gobject2-64bit-1.18.4-150600.3.3.1
  * libcairo-script-interpreter2-64bit-debuginfo-1.18.4-150600.3.3.1
  * libcairo2-64bit-debuginfo-1.18.4-150600.3.3.1
  * libcairo2-64bit-1.18.4-150600.3.3.1
  * cairo-devel-64bit-1.18.4-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libcairo-script-interpreter2-debuginfo-1.18.4-150600.3.3.1
  * libcairo2-1.18.4-150600.3.3.1
  * libcairo-gobject2-1.18.4-150600.3.3.1
  * libcairo-script-interpreter2-1.18.4-150600.3.3.1
  * libcairo2-debuginfo-1.18.4-150600.3.3.1
  * libcairo-gobject2-debuginfo-1.18.4-150600.3.3.1
  * cairo-debugsource-1.18.4-150600.3.3.1
  * cairo-devel-1.18.4-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libcairo-script-interpreter2-debuginfo-1.18.4-150600.3.3.1
  * libcairo2-1.18.4-150600.3.3.1
  * libcairo-gobject2-1.18.4-150600.3.3.1
  * libcairo-script-interpreter2-1.18.4-150600.3.3.1
  * libcairo2-debuginfo-1.18.4-150600.3.3.1
  * libcairo-gobject2-debuginfo-1.18.4-150600.3.3.1
  * cairo-debugsource-1.18.4-150600.3.3.1
  * cairo-devel-1.18.4-150600.3.3.1
* Desktop Applications Module 15-SP6 (x86_64)
  * libcairo2-32bit-1.18.4-150600.3.3.1
  * libcairo2-32bit-debuginfo-1.18.4-150600.3.3.1
* Desktop Applications Module 15-SP7 (x86_64)
  * libcairo2-32bit-1.18.4-150600.3.3.1
  * libcairo2-32bit-debuginfo-1.18.4-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50422.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247589

Update for Cairo addresses CVE-2025-50422 vulnerability with low severity, protecting against potential issues from malformed input.

SUSE Security Advisory, Cairo Update, CVE-2025-50422, Low Severity Issue, Linux Security Patch.

Severity: Low. LinuxSecurity.com Team

Oct 02, 2025 Low SuSE

SUSE: 2024:2333-1 Low Severity: Mitigation for Poppler Crash Issue

# Security update for poppler

Announcement ID: SUSE-SU-2024:2333-1
Rating: low
References:
* bsc#1226916
Cross-References:
* CVE-2024-6239
CVSS scores:
* CVE-2024-6239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-6239 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for poppler fixes the following issues:

* CVE-2024-6239: Fixed crash when using pdfinfo with -dests parameter on malformed input files (bsc#12269160).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-2333=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-2333=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * poppler-tools-debuginfo-22.01.0-150400.3.22.1
  * typelib-1_0-Poppler-0_18-22.01.0-150400.3.22.1
  * libpoppler-devel-22.01.0-150400.3.22.1
  * poppler-qt5-debugsource-22.01.0-150400.3.22.1
  * libpoppler-cpp0-22.01.0-150400.3.22.1
  * libpoppler-glib-devel-22.01.0-150400.3.22.1
  * poppler-qt6-debugsource-22.01.0-150400.3.22.1
  * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.22.1
  * libpoppler117-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-qt5-devel-22.01.0-150400.3.22.1
  * poppler-debugsource-22.01.0-150400.3.22.1
  * poppler-tools-22.01.0-150400.3.22.1
  * libpoppler-qt5-1-22.01.0-150400.3.22.1
  * libpoppler-qt6-3-22.01.0-150400.3.22.1
  * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-qt6-devel-22.01.0-150400.3.22.1
  * libpoppler-glib8-22.01.0-150400.3.22.1
  * libpoppler117-22.01.0-150400.3.22.1
  * libpoppler-cpp0-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-glib8-debuginfo-22.01.0-150400.3.22.1
* openSUSE Leap 15.4 (x86_64)
  * libpoppler117-32bit-22.01.0-150400.3.22.1
  * libpoppler-glib8-32bit-22.01.0-150400.3.22.1
  * libpoppler117-32bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-qt5-1-32bit-22.01.0-150400.3.22.1
  * libpoppler-cpp0-32bit-22.01.0-150400.3.22.1
  * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.22.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-glib8-64bit-22.01.0-150400.3.22.1
  * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler117-64bit-22.01.0-150400.3.22.1
  * libpoppler117-64bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.22.1
  * libpoppler-qt5-1-64bit-22.01.0-150400.3.22.1
  * libpoppler-cpp0-64bit-22.01.0-150400.3.22.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * libpoppler117-22.01.0-150400.3.22.1
  * libpoppler117-debuginfo-22.01.0-150400.3.22.1
  * poppler-debugsource-22.01.0-150400.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6239.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226916

Enhance system stability with this low-severity Poppler update, fixing malformed input issues noted in CVE-2024-6239.

poppler update, SUSE advisory, openSUSE security, software fixes.

Severity: Low. LinuxSecurity.com Team

Jul 08, 2024 Low SuSE

Mageia 7 Advisory MGASA-2021-0046 Critical: OpenLDAP Denial of Service

MGASA-2021-0046 - Updated openldap packages fix security vulnerabilities

Publication date: 19 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0046.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-25709, CVE-2020-25710

It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-25709, CVE-2020-25710).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27625
- https://ubuntu.com/security/notices/USN-4634-1
- https://www.cve.org/CVERecord?id=CVE-2020-25709
- https://www.cve.org/CVERecord?id=CVE-2020-25710

SRPMS:
- 7/core/openldap-2.4.50-1.3.mga7

The security update MGASA-2021-0046 for OpenLDAP highlights vulnerabilities that could lead to remote denial of service attacks and outlines the steps for patch implementation.

OpenLDAP Security Update, Mageia 2021, Remote Denial of Service, Malformed Input Issues.

Severity: Critical. LinuxSecurity.com Team

Jan 19, 2021 Critical Mageia

CentOS 8 High: Patch Released for Libjpeg Buffer Overflow Vulnerability

Fedora Update Notification
FEDORA-2020-f3a397cbf8
2020-12-23 01:18:30.481735

Name        : pngcheck
Product     : Fedora 33
Version     : 2.4.0
Release     : 5.fc33
URL         : http://www.libpng.org/pub/png/apps/pngcheck.html
Summary     : Verifies the integrity of PNG, JNG and MNG files
Description :
pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities. The current release supports all PNG, MNG and JNG chunks, including the newly approved sTER stereo-layout chunk. It correctly reports errors in all but two of the images in Chris Nokleberg's brokensuite-20061204.

Update Information:

Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly fixed now.

----

Security fix for multiple buffer overflows from crafted file input (RHBZ#1902786,1902806,1902810: no CVE yet assigned), and for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775: no tracking bug or CVE yet assigned); also, new eXIf support and assorted small bug fixes

ChangeLog:

* Mon Dec 14 2020 Benjamin A. Beasley - 2.4.0-5
- Previous fix for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775) was incomplete; it should be properly fixed now.
* Sun Dec 13 2020 Benjamin A. Beasley - 2.4.0-4
- Bounds-check all accesses into enumerated-value name arrays; a malformed file could have caused a buffer overrun in several of these cases. (RHBZ#1902810)
- Fix buffer overrun when print_buffer() is passed a nonpositive size, which can occur in practice for certain malformed inputs. (RHBZ#1902810)
- In some cases, the chunk length from the file data (sz) is used to index into the read buffer without sufficient bounds-checking, leading to a buffer overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP, DBYK, ORDR, and SEEK chunks. (RHBZ#1902810)
- Fix buffer overrun printing the contents of the sPLT chunk in certain malformed inputs. (RHBZ#1905775)
- Backport fix for off-by-one bug in check_magic() from 3.0.0
- Backport fix for zlib version warnings going to stdout from 3.0.0
- Use name macro when referencing patches.
- Add BR on make in anticipation of https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot.
- New upstream version 2.4.0
- Added new license file for main package (same MIT-style license)
- Drop format-security patch, now upstreamed
- Use upstreamed man pages; no need to generate with help2man anymore
- Add rpmlintrc rules for -extras subpackage
- Add rpmlintrc file to suppress spurious rpmlint warnings

References:

[ 1 ] Bug #1902806 - pngcheck: Multiple buffer overflows from crafted file input
https://bugzilla.redhat.com/show_bug.cgi?id=1902806

This update can be installed with the "dnf" update program. Use

  su -c 'dnf upgrade --advisory FEDORA-2020-f3a397cbf8'

at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora 33 has issued a security patch that rectifies vulnerabilities related to buffer overflows and improper handling of malformed input within pngcheck. Critical update disseminated.

Fedora Security Update, Buffer Overflow Fix, Software Update Advisory.

LinuxSecurity.com Team

Dec 22, 2020 Fedora

Mageia: 2020-0431 Moderate: Raptor2 Malformed Input Segfault

MGASA-2020-0431 - Updated raptor2 packages fix a security vulnerability

Publication date: 21 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0431.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. (CVE-2020-25713)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27605
- https://bugs.librdf.org/mantis/view.php?id=650
- https://www.openwall.com/lists/oss-security/2020/11/13/1
- https://www.openwall.com/lists/oss-security/2020/11/16/1
- https://www.cve.org/CVERecord?id=CVE-2020-25713

SRPMS:
- 7/core/raptor2-2.0.15-11.1.mga7

Revised raptor2 distributions address a vulnerability in Mageia that arises from incorrect input processing, resulting in a segmentation fault.

Security Update, Mageia Advisory, Raptor2 Segfault, Input File Vulnerability.

LinuxSecurity.com Team

Nov 21, 2020 Mageia

openSUSE: 2020:1500-1 Moderate Update for libqt4 Over-read and Fixes

openSUSE Security Update: Security update for libqt4

Announcement ID: openSUSE-SU-2020:1500-1
Rating: moderate
References: #1118595 #1118596 #1118599 #1121214 #1176315
Cross-References: CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507
Affected Products: openSUSE Backports SLE-15-SP1

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for libqt4 fixes the following issues:

* Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507)
* Fix "double free or corruption" in QXmlStreamReader (boo#1118595, CVE-2018-15518)
* Fix QBmpHandler segfault on malformed BMP file (boo#1118596, CVE-2018-19873)
* Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869)

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:
  zypper in -t patch openSUSE-2020-1500=1

Package List:

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
  libqt4-4.8.7-bp151.4.3.1
  libqt4-devel-4.8.7-bp151.4.3.1
  libqt4-devel-doc-4.8.7-bp151.4.3.1
  libqt4-devel-doc-debuginfo-4.8.7-bp151.4.3.1
  libqt4-devel-doc-debugsource-4.8.7-bp151.4.3.1
  libqt4-linguist-4.8.7-bp151.4.3.1
  libqt4-private-headers-devel-4.8.7-bp151.4.3.1
  libqt4-qt3support-4.8.7-bp151.4.3.1
  libqt4-sql-4.8.7-bp151.4.3.1
  libqt4-sql-plugins-debugsource-4.8.7-bp151.4.3.1
  libqt4-sql-postgresql-4.8.7-bp151.4.3.1
  libqt4-sql-postgresql-debuginfo-4.8.7-bp151.4.3.1
  libqt4-sql-sqlite-4.8.7-bp151.4.3.1
  libqt4-sql-unixODBC-4.8.7-bp151.4.3.1
  libqt4-sql-unixODBC-debuginfo-4.8.7-bp151.4.3.1
  libqt4-x11-4.8.7-bp151.4.3.1
  qt4-x11-tools-4.8.7-bp151.4.3.1
  qt4-x11-tools-debuginfo-4.8.7-bp151.4.3.1
- openSUSE Backports SLE-15-SP1 (aarch64_ilp32):
  libqt4-64bit-4.8.7-bp151.4.3.1
  libqt4-devel-64bit-4.8.7-bp151.4.3.1
  libqt4-qt3support-64bit-4.8.7-bp151.4.3.1
  libqt4-sql-64bit-4.8.7-bp151.4.3.1
  libqt4-sql-postgresql-64bit-4.8.7-bp151.4.3.1
  libqt4-sql-postgresql-64bit-debuginfo-4.8.7-bp151.4.3.1
  libqt4-sql-sqlite-64bit-4.8.7-bp151.4.3.1
  libqt4-sql-unixODBC-64bit-4.8.7-bp151.4.3.1
  libqt4-sql-unixODBC-64bit-debuginfo-4.8.7-bp151.4.3.1
  libqt4-x11-64bit-4.8.7-bp151.4.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
  libqt4-devel-doc-data-4.8.7-bp151.4.3.1

References:

https://www.suse.com/security/cve/CVE-2018-15518.html
https://www.suse.com/security/cve/CVE-2018-19869.html
https://www.suse.com/security/cve/CVE-2018-19873.html
https://www.suse.com/security/cve/CVE-2020-17507.html
https://bugzilla.suse.com/1118595
https://bugzilla.suse.com/1118596
https://bugzilla.suse.com/1118599
https://bugzilla.suse.com/1121214
https://bugzilla.suse.com/1176315

This patch resolves three vulnerabilities in libqt5, focusing on potential memory leaks and heap corruption. Discover the steps to implement it.

openSUSE Security Update, libqt4 buffer over-read fix, moderate severity patch.

Severity: Important. LinuxSecurity.com Team

Sep 22, 2020 Important OpenSUSE

Mageia: 2020-0329 Moderate: radare2 Shell Injection Issue

MGASA-2020-0329 - Updated radare2 packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0329.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory (CVE-2020-15121).

The radare2 package has been updated to version 4.5.0, fixing these issues and other bugs. Also, the radare2-cutter package has been updated to version 1.11.0.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27060
- https://lists.fedoraproject.org/archives/list/[email address obscured]/thread/7OFOJ23B5CP5XDVYTW6TTN7OFZPAIVY4/
- https://lists.fedoraproject.org/archives/list/[email address obscured]/thread/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
- https://www.cve.org/CVERecord?id=CVE-2020-15121

SRPMS:
- 7/core/radare2-4.5.0-1.mga7
- 7/core/radare2-cutter-1.11.0-1.mga7

Mageia has upgraded radare2 to address a shell injection flaw in improperly formatted PDB filenames, bolstering its security protocols.

radare2, shell injection, Mageia security update, PDB filename, software vulnerability.

Severity: Important. LinuxSecurity.com Team

Aug 18, 2020 Important Mageia