Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 24 articles for you...
89
security advisoryfedoraupdateFedora 42: fcitx5-zhuyin Advisory Released for Security Issues
fcitx5-5.1.16 update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d11261d473 2025-11-07 01:27:09.764769+00:00 -------------------------------------------------------------------------------- Name : fcitx5-zhuyin Product : Fedora 42 Version : 5.1.5 Release : 1.fc42 URL : https://github.com/fcitx/fcitx5-zhuyin Summary : Libzhuyin Wrapper for Fcitx Description : Libzhuyin Wrapper for Fcitx. -------------------------------------------------------------------------------- Update Information: fcitx5-5.1.16 update -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 26 2025 Qiyu Yan - 5.1.5-1 - update to upstream release 5.1.5 * Wed Jul 23 2025 Fedora Release Engineering - 5.1.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d11261d473' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 07, 2025
Fedora
89
security advisoryfedoraDoSFedora 43: Critical BIRD 3.1.4 Updates Address Crash and Memory Problems
BIRD 3.1.4 (2025-09-22) BGP: Fixed crash on Notification with a message, CVE-2025-59688 BGP: Fixed invalid memory access in pending TX flush BGP: Fixed a rare bug with listening socket delay Pipe: Disabled statisticts for stopping pipe. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-182c305561 2025-10-01 00:14:58.043524+00:00 -------------------------------------------------------------------------------- Name : bird Product : Fedora 43 Version : 3.1.4 Release : 1.fc43 URL : https://bird.nic.cz/ Summary : BIRD Internet Routing Daemon Description : BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel), Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static routes, inter-table protocol, command-line interface allowing on-line control and inspection of the status of the daemon, soft reconfiguration as well as a powerful language for route filtering. -------------------------------------------------------------------------------- Update Information: BIRD 3.1.4 (2025-09-22) BGP: Fixed crash on Notification with a message, CVE-2025-59688 BGP: Fixed invalid memory access in pending TX flush BGP: Fixed a rare bug with listening socket delay Pipe: Disabled statisticts for stopping pipe Hash: Read-only assertions ROA Aggregator: Fixed crash on multiwithdraw Protocol: Fixed broken state announcements -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 22 2025 Robert Scheck - 3.1.4-1 - Upgrade to 3.1.4 (#2397496) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2397496 - bird-3.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2397496 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-182c305561' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Oct 01, 2025
•Important
Fedora
89
security advisoryfedoraremote code executionFedora 41: Fix for Critical Memory Leak and Pointer Issue in libssh
New upstream release fixing the following security weaknesses (CVE-2025-8114, CVE-2025-8277). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-88ec28aaee 2025-09-24 15:53:08.490000+00:00 -------------------------------------------------------------------------------- Name : libssh Product : Fedora 41 Version : 0.11.3 Release : 1.fc41 URL : http://www.libssh.org Summary : A library implementing the SSH protocol Description : The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl). -------------------------------------------------------------------------------- Update Information: New upstream release fixing the following security weaknesses (CVE-2025-8114, CVE-2025-8277) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 9 2025 Jakub Jelen - 0.11.3-1 - New upstream release fixing the following security weaknesses: - CVE-2025-8114: Fix NULL pointer dereference after allocation failure - CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX * Thu Jul 24 2025 Fedora Release Engineering - 0.11.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2383236 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=2383236 [ 2 ] Bug #2394021 - libssh-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2394021 [ 3 ] Bug #2394047 - CVE-2025-8277 libssh:Memory Exhaustion via Repeated Key Exchange in libssh [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2394047 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-88ec28aaee' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 24, 2025
•Critical
Fedora
89
security advisoryupdateFedoraFedora 40: 2024-08-29 Security Advisory on Kernel Updates
The 6.10.7 stable kernel update contains a number of important fixes across the tree.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-8bda3bcaea 2024-09-05 04:06:20.352654 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 40 Version : 6.10.7 Release : 200.fc40 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.10.7 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 29 2024 Augusto Caringi [6.10.7-0] - KVM: PPC: Book3S HV nestedv2: Keep nested guest HASHPKEYR in sync (Shivaprasad G Bhat) - KVM: PPC: Book3S HV: Add one-reg interface for HASHPKEYR register (Shivaprasad G Bhat) - KVM: PPC: Book3S HV nestedv2: Keep nested guest HASHKEYR in sync (Shivaprasad G Bhat) - KVM: PPC: Book3S HV: Add one-reg interface for HASHKEYR register (Shivaprasad G Bhat) - KVM: PPC: Book3S HV nestedv2: Keep nested guest DEXCR in sync (Shivaprasad G Bhat) - KVM: PPC: Book3S HV: Add one-reg interface for DEXCR register (Shivaprasad G Bhat) - Revert the F39 commits which should not have pushed (Justin M. Forbes) - Turn off libbpf dynamic for perf on F39 (Justin M. Forbes) - Revert "cpupower: Bump soname version" (Justin M. Forbes) - Drop soname for libcpupower.so since we reverted the bump (Justin M. Forbes) - Linux v6.10.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2308100 - CVE-2024-43884 kernel: Bluetooth: MGMT: Add error handling to pair_device() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2308100 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8bda3bcaea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Sep 05, 2024
•Important
Fedora
89
security advisorycritical issuefedoraFedora 40: 2024-2e908e829a Critical: Roundcubemail XSS Issues
Version 1.6.8 Managesieve: Protect special scripts in managesieve_kolab_master mode Fix newmail_notifier notification focus in Chrome (#9467) Fix fatal error when parsing some TNEF attachments (#9462) Fix double scrollbar when composing a mail with many plain text lines (#7760). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-2e908e829a 2024-08-15 02:33:16.252055 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 40 Version : 1.6.8 Release : 1.fc40 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: Version 1.6.8 Managesieve: Protect special scripts in managesieve_kolab_master mode Fix newmail_notifier notification focus in Chrome (#9467) Fix fatal error when parsing some TNEF attachments (#9462) Fix double scrollbar when composing a mail with many plain text lines (#7760) Fix decoding mail parts with multiple base64-encoded text blocks (#9290) Fix bug where some messages could get malformed in an import from a MBOX file (#9510) Fix invalid line break characters in multi-line text in Sieve scripts (#9543) Fix bug where "with attachment" filter could fail on some fts engines (#9514) Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) Fix bug where a long subject title could not bedisplayed in some cases (#9416) Fix infinite loop when parsing malformed Sieve script (#9562) Fix bug where imap_conn_option's 'socket' was ignored (#9566) Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 5 2024 Remi Collet - 1.6.8-1 - update to 1.6.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2303071 - CVE-2024-42008 roundcubemail: A Cross-Site Scripting vulnerability in rcmail_action_mail_get-> run() in Roundcube [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303071 [ 2 ] Bug #2303076 - CVE-2024-42009 roundcubemail: A Cross-Site Scripting vulnerability in Roundcube [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303076 [ 3 ] Bug #2303096 - CVE-2024-42010 roundcubemail: information leak due to insufficient CSS filtering [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303096 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2e908e829a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Aug 15, 2024
•Critical
Fedora
89
security advisoryFedoraMySQLFedora 39: FEDORA-2023-e7aa13efc5 Critical MySQL 8.0.35 Update Notification
**MySQL 8.0.35** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-35.html. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-e7aa13efc5 2023-11-10 01:43:43.599593 -------------------------------------------------------------------------------- Name : community-mysql Product : Fedora 39 Version : 8.0.35 Release : 1.fc39 URL : https://www.mysql.com/ Summary : MySQL client programs and shared libraries Description : MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. -------------------------------------------------------------------------------- Update Information: **MySQL 8.0.35** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-35.html -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 21 2023 Lars Tangvald - 8.0.35-1 - Update to MySQL 8.0.35 - Remove patches now upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #2165809 - Testsuite suite 'query_rewrite_plugins' fails on Fedora 38 and later https://bugzilla.redhat.com/show_bug.cgi?id=2165809 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-e7aa13efc5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 10, 2023
•Critical
Fedora
89
security advisoryupdateFedoraFedora 38: FEDORA-2023-955e390a13 Moderate: Roundcube XSS Issue
**Version 1.6.4** - Fix PHP8 warnings (#9142, #9160) - Fix default 'mime.types' path on Windows (#9113) - Managesieve: Fix javascript error when relational or spamtest extension is not enabled (#9139) - Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-955e390a13 2023-10-25 01:35:36.772688 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 38 Version : 1.6.4 Release : 1.fc38 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: **Version 1.6.4** - Fix PHP8 warnings (#9142, #9160) - Fix default 'mime.types' path on Windows (#9113) - Managesieve: Fix javascript error when relational or spamtest extension is not enabled (#9139) - Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168) -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 16 2023 Remi Collet - 1.6.4-1 - update to 1.6.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2244535 - roundcube: cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages https://bugzilla.redhat.com/show_bug.cgi?id=2244535 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-955e390a13' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 25, 2023
Fedora
203
security advisoryupdatecriticalMageia 8 MGASA-2023-0147 Critical: Thunderbird Memory Issues
Fullscreen notification obscured. (CVE-2023-29533) Double-free in libwebp. (MFSA-TMP-2023-0001) Potential Memory Corruption following Garbage Collector compaction. (CVE-2023-29535) Invalid free from JavaScript code. (CVE-2023-29536) . MGASA-2023-0147 - Updated thunderbird packages fix security vulnerability Publication date: 15 Apr 2023 URL: https://advisories.mageia.org/MGASA-2023-0147.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-0547, CVE-2023-29479, CVE-2023-29539, CVE-2023-29541, CVE-2023-1945, CVE-2023-29548, CVE-2023-29550 Fullscreen notification obscured. (CVE-2023-29533) Double-free in libwebp. (MFSA-TMP-2023-0001) Potential Memory Corruption following Garbage Collector compaction. (CVE-2023-29535) Invalid free from JavaScript code. (CVE-2023-29536) Revocation status of S/Mime recipient certificates was not checked. (CVE-2023-0547) Hang when processing certain OpenPGP messages. (CVE-2023-29479) Content-Disposition filename truncation leads to Reflected File Download. (CVE-2023-29539) Files with malicious extensions could have been downloaded unsafely on Linux. (CVE-2023-29541) Memory Corruption in Safe Browsing Code. (CVE-2023-1945) Incorrect optimization result on ARM64. (CVE-2023-29548) Memory safety bugs fixed in Thunderbird 102.10. (CVE-2023-29550) References: - https://bugs.mageia.org/show_bug.cgi?id=31787 - https://www.thunderbird.net/en-US/thunderbird/102.10.0/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/ - https://www.cve.org/CVERecord?id=CVE-2023-29533 - https://www.cve.org/CVERecord?id=CVE-2023-29535 - https://www.cve.org/CVERecord?id=CVE-2023-29536 - https://www.cve.org/CVERecord?id=CVE-2023-0547 - https://www.cve.org/CVERecord?id=CVE-2023-29479 - https://www.cve.org/CVERecord?id=CVE-2023-29539 - https://www.cve.org/CVERecord?id=CVE-2023-29541 - https://www.cve.org/CVERecord?id=CVE-2023-1945 - https://www.cve.org/CVERecord?id=CVE-2023-29548 -https://www.cve.org/CVERecord?id=CVE-2023-29550 SRPMS: - 8/core/thunderbird-102.10.0-1.mga8 - 8/core/thunderbird-l10n-102.10.0-1.mga8 . Recent Thunderbird updates address significant vulnerabilities, including memory leaks and notification failures in Mageia 8.. Thunderbird Update, Mageia Security, Memory Issues, Notification Threats. . Severity: Critical. LinuxSecurity.com Team
Apr 15, 2023
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!