openSUSE Security Update: Security update for osslsigncode
______________________________________________________________________________

Announcement ID: openSUSE-SU-2026:0115-1
Rating: critical
References: #1260680
Cross-References: CVE-2025-70888
Affected Products: openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for osslsigncode fixes the following issues:

- Update to 2.13 (boo#1260680, CVE-2025-70888):
  * fixed integer overflows when processing APPX compressed data streams
  * fixed double-free vulnerabilities in APPX file processing
  * fixed multiple memory corruption issues in PE page hash computation
- Changes from 2.12:
  * fixed a buffer overflow while extracting message digests
- Changes from 2.11:
  * added keyUsage validation for the signer certificate
  * added printing CRL details during signature verification
  * implemented a workaround for CRL servers returning an HTTP Content-Type header other than application/pkix-crl
  * fixed HTTP keep-alive handling
  * fixed macOS compiler and linker flags
  * fixed undefined BIO_get_fp() behavior with BIO_FLAGS_UPLINK_INTERNAL
- Update to 2.10:
  * added JavaScript signing
  * added PKCS#11 provider support (requires OpenSSL 3.0+)
  * added support for providers without specifying the "-pkcs11module" option (OpenSSL 3.0+, e.g., for the upcoming CNG provider)
  * added compatibility with the CNG engine version 1.1 or later
  * added the "-engineCtrl" option to control hardware and CNG engines
  * added the "-blobFile" option to specify a file containing the blob content
  * improved unauthenticated blob support (thanks to Asger Hautop Drewsen)
  * improved UTF-8 handling for certificate subjects and issuers
  * fixed support for multiple signerInfo contentType OIDs (CTL and Authenticode)
  * fixed tests for python-cryptography >= 43.0.0
- Update to version 2.9:
  * added a 64 bit long pseudo-random NONCE in the TSA request
  * missing NID_pkcs9_signingTime is no longer an error
  * added support for PEM-encoded CRLs
  * fixed the APPX central directory sorting order
  * added a special "-" file name to read the passphrase from stdin
  * used native HTTP client with OpenSSL 3.x, removing the libcurl dependency
  * added the "-login" option to force a login to PKCS11 engines
  * added the "-ignore-crl" option to disable fetching and verifying CRL Distribution Points
  * changed error output to stderr instead of stdout
  * various testing framework improvements
  * various memory corruption fixes
- Update to version 2.8:
  * Microsoft PowerShell signing sponsored by Cisco Systems, Inc.
  * fixed setting unauthenticated attributes (Countersignature, Unauthenticated Data Blob) in a nested signature
  * added the "-index" option to verify a specific signature or modify its unauthenticated attributes
  * added CAT file verification
  * added listing the contents of a CAT file with the "-verbose" option
  * added the new "extract-data" command to extract a PKCS#7 data content to be signed with "sign" and attached with "attach-signature"
  * added PKCS9_SEQUENCE_NUMBER authenticated attribute support
  * added the "-ignore-cdp" option to disable CRL Distribution Points (CDP) online verification
  * unsuccessful CRL retrieval and verification changed into a critical error
  * the "-p" option modified to also use the configured proxy to connect to CRL Distribution Points
  * added implicit allowlisting of the Microsoft Root Authority serial number 00C1008B3C3C8811D13EF663ECDF40
  * added listing of the certificate chain retrieved from the signature in case of verification failure
- Update to 2.7.0:
  * fixed signing CAB files (by Michael Brown)
  * fixed handling of unsupported commands (by Maxim Bagryantsev)
  * fixed writing DIFAT sectors
  * added APPX support (by Maciej Panek and Małgorzata Olszewka)
  * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options)
  * added verification of CRLs specified in the signing certificate
  * added MSI DIFAT sectors support (by Max Bagryantsev)
  * added the "-h" option to set the cryptographic hash function for the "attach-signature" and "add" commands
  * set the default hash function to "sha256"
  * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command
  * renamed the "-st" option to "-time"
  * updated the "-time" option to also set the explicit verification time
  * added the "-ignore-timestamp" option
  * removed the "-timestamp-expiration" option
  * numerous bugfixes
  * documentation updates

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2026-115=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

  osslsigncode-2.13-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-70888.html
https://bugzilla.suse.com/1260680
# osslsigncode-2.13-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10482-1
Rating: moderate
Cross-References:

* CVE-2025-70888

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the osslsigncode-2.13-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * osslsigncode 2.13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-70888.html
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ab67a4d8b3
2026-02-12 01:09:28.578783+00:00
--------------------------------------------------------------------------------
Name        : osslsigncode
Product     : Fedora 42
Version     : 2.12
Release     : 1.fc42
URL         : https://github.com/mtrojnar/osslsigncode
Summary     : OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX
Description :
osslsigncode is a small tool that implements part of the functionality of the
Microsoft tool signtool.exe - more exactly the Authenticode signing and
timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should
be able to compile on most platforms where these exist.
--------------------------------------------------------------------------------
Update Information:

See commit history
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 2 2026 Packit - 2.12-1
- Update to 2.12 upstream release
- Resolves: rhbz#2436077
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2436077 - osslsigncode-2.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2436077
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ab67a4d8b3' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3c6cc85b52
2026-02-12 00:51:45.032320+00:00
--------------------------------------------------------------------------------
Name        : osslsigncode
Product     : Fedora 43
Version     : 2.12
Release     : 1.fc43
URL         : https://github.com/mtrojnar/osslsigncode
Summary     : OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX
Description :
osslsigncode is a small tool that implements part of the functionality of the
Microsoft tool signtool.exe - more exactly the Authenticode signing and
timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should
be able to compile on most platforms where these exist.
--------------------------------------------------------------------------------
Update Information:

See commit history
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 2 2026 Packit - 2.12-1
- Update to 2.12 upstream release
- Resolves: rhbz#2436077
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2436077 - osslsigncode-2.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2436077
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3c6cc85b52' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Debian LTS Advisory DLA-4426-2

A buffer overflow vulnerability has been found in osslsigncode, an OpenSSL-based Authenticode signing tool for PE/MSI/Java CAB files, which possibly allows a malicious attacker to execute arbitrary code when signing a crafted file. For Debian 11 bullseye, this problem has been fixed in version.

Debian LTS Advisory DLA-4426-1

A buffer overflow vulnerability has been found in osslsigncode, an OpenSSL-based Authenticode signing tool for PE/MSI/Java CAB files, which possibly allows a malicious attacker to execute arbitrary code when signing a crafted file.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3693-1