--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8fdb7be3cb
2025-02-15 02:35:33.711225+00:00
--------------------------------------------------------------------------------

Name        : libheif
Product     : Fedora 41
Version     : 1.19.5
Release     : 3.fc41
URL         : https://github.com/strukturag/libheif
Summary     : HEIF and AVIF file format decoder and encoder
Description :
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF (AV1 Image File Format) file
format decoder and encoder.
--------------------------------------------------------------------------------
Update Information:

Latest upstream release. It adds support for tiles and fixes reading images
generated by iOS 18+. See https://github.com/strukturag/libheif/releases for
more details about the changes since 1.17.6.

NOTE: the heif-convert tool was renamed to heif-dec.

How to test: Download and unzip the sample images from mastodon issue #31570.
Try opening them with e.g. loupe or gimp. They fail to open with
libheif-1.17.6, but should open successfully with libheif-1.19.5.

Fixes CVE-2024-41311.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  5 2025 Robert-André Mauchin - 1.19.5-3
- Rebuilt for aom 3.11.0
* Fri Jan 17 2025 Fedora Release Engineering - 1.19.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Nov 24 2024 Packit - 1.19.5-1
- Update to version 1.19.5
- Resolves: rhbz#2327307
* Sun Nov 17 2024 Dominik Mierzejewski - 1.19.3-3
- disable OpenJPH encoder support to work-around crashes
* Sat Nov 16 2024 Sérgio Basto - 1.19.3-2
- Add support to multilib in devel sub-package
- Resolves: rhbz#2279891
* Tue Nov 12 2024 Dominik Mierzejewski - 1.19.3-1
- update to 1.19.3 (resolves rhbz#2295525)
- drop obsolete patches
- enable OpenH264, OpenJPH (64-bit only) and Brotli decoders
- run tests unconditionally, they no longer require special build options
- drop conditional hevc subpackage
- use fewer wildcards in the file lists
- stop building rav1e and svt AV1 encoders as plugins
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2319289 - CVE-2024-41311 libheif: OOB read and write via ImageOverlay::parse() [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2319289
[ 2 ] Bug #2332519 - Update libheif
      https://bugzilla.redhat.com/show_bug.cgi?id=2332519
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8fdb7be3cb' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-abe1e34fdb
2024-03-29 00:16:07.816413
--------------------------------------------------------------------------------

Name        : onnx
Product     : Fedora 40
Version     : 1.14.1
Release     : 2.fc40
URL         :
Summary     : Open standard for machine learning interoperability
Description :
onnx provides an open source format for AI models, both deep learning and
traditional ML. It defines an extensible computation graph model, as well as
definitions of built-in operators and standard data types.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-27318 and CVE-2024-27319
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 24 2024 Alejandro Alvarez Ayllon - 1.14.1-2
- Backport of fixes for CVE-2024-27318 and CVE-2024-27319
* Wed Feb 21 2024 Diego Herrera C - 1.14.1-1
- Release 1.14.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2265737 - CVE-2024-27318 onnx: directory traversal
      https://bugzilla.redhat.com/show_bug.cgi?id=2265737
[ 2 ] Bug #2265739 - CVE-2024-27319 onnx: oob read
      https://bugzilla.redhat.com/show_bug.cgi?id=2265739
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-abe1e34fdb' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
MGASA-2023-0209 - Updated sofia-sip packages fix security vulnerability

Publication date: 28 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0209.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-32307

The OOB read and integer-overflow made by attacker may lead to crash, high
consumption of memory or even other more serious consequences. (CVE-2023-32307)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32020
- https://lists.debian.org/debian-lts-announce/2023/06/msg00002.html
- https://www.cve.org/CVERecord?id=CVE-2023-32307

SRPMS:
- 8/core/sofia-sip-1.12.11-10.4.mga8
MGASA-2021-0239 - Updated cgal packages fix security vulnerabilities

Publication date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0239.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-28601, CVE-2020-28636, CVE-2020-35628, CVE-2020-35636

Updated cgal packages fix security vulnerabilities:

An oob read vulnerability exists in Nef_2/PM_io_parser.h
PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide
malicious input to trigger this vulnerability (CVE-2020-28601).

An oob read vulnerability exists in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sloop() slh->twin(). An attacker can provide malicious
input to trigger this vulnerability (CVE-2020-28636).

An oob read vulnerability exists in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide
malicious input to trigger this vulnerability (CVE-2020-35628).

An oob read vulnerability exists in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious
input to trigger this vulnerability (CVE-2020-35636).

The cgal package has been updated to version 5.2.1, fixing the issues and other
bugs. The openfoam and openscad packages have been rebuilt against the updated
cgal library.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28881
- https://lists.fedoraproject.org/archives/list/
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2649-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Anton Gladky
May 04, 2021                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cgal
Version        : 4.9-1+deb9u1
CVE ID         : CVE-2020-28601 CVE-2020-28636 CVE-2020-35628 CVE-2020-35636

Four security issues have been discovered in cgal. A code execution
vulnerability exists in the Nef polygon-parsing functionality of CGAL.

CVE-2020-28601

    An oob read vulnerability exists in Nef_2/PM_io_parser.h
    PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide
    malicious input to trigger this vulnerability.

CVE-2020-28636

    An oob read vulnerability exists in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sloop() slh->twin(). An attacker can provide
    malicious input to trigger this vulnerability.

CVE-2020-35628

    An oob read vulnerability exists in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide
    malicious input to trigger this vulnerability.

CVE-2020-35636

    An oob read vulnerability exists in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sface() sfh->volume(). An attacker can provide
    malicious input to trigger this vulnerability.

For Debian 9 stretch, these problems have been fixed in version 4.9-1+deb9u1.

We recommend that you upgrade your cgal packages.

For the detailed security status of cgal please refer to its security tracker
page at: https://security-tracker.debian.org/tracker/source-package/cgal

Further information about Debian LTS security advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS