Explore top 10 tips to secure your open-source projects now. Read More
×
One vulnerability has been discovered in the Linux kernel that may lead to a local privilege escalation. For the oldstable distribution (bookworm), this problem has been fixed in version 6.1.172-1. We recommend that you upgrade your linux packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6275-1
Two integer overflows were discovered in the LittleCMS 2 colour management library. For the oldstable distribution (bookworm), this problem has been fixed in version 2.14-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6262-1
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-7569 http://linux.oracle.com/errata/ELSA-2025-7569.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: yelp-3.28.1-3.el8_10.1.x86_64.rpm yelp-libs-3.28.1-3.el8_10.1.i686.rpm yelp-libs-3.28.1-3.el8_10.1.x86_64.rpm yelp-xsl-3.28.0-2.el8_10.1.noarch.rpm yelp-devel-3.28.1-3.el8_10.1.i686.rpm yelp-devel-3.28.1-3.el8_10.1.x86_64.rpm aarch64: yelp-3.28.1-3.el8_10.1.aarch64.rpm yelp-libs-3.28.1-3.el8_10.1.aarch64.rpm yelp-xsl-3.28.0-2.el8_10.1.noarch.rpm yelp-devel-3.28.1-3.el8_10.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//yelp-3.28.1-3.el8_10.1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//yelp-xsl-3.28.0-2.el8_10.1.src.rpm Related CVEs: CVE-2025-3155 Description of changes: yelp [2:3.28.1-3.1] - Fix CVE-2025-3155 (RHEL-85922) yelp-xsl [3.28.0-2.1] - Fix CVE-2025-3155 (RHEL-85922) _______________________________________________ El-errata mailing list
New libxslt packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libxslt (SSA:2025-072-01) New libxslt packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libxslt-1.1.43-i586-1_slack15.0.txz: Upgraded. This update addresses some security issues. Fix use-after-free of XPath context node. Fix UAF related to excluded namespaces. For more information, see: https://www.cve.org/CVERecord?id=CVE-2025-24855 https://www.cve.org/CVERecord?id=CVE-2024-55549 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxslt-1.1.43-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxslt-1.1.43-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxslt-1.1.43-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxslt-1.1.43-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: f1d1d2e5486264bdb2a74a503b895778 libxslt-1.1.43-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 541444169a37a7b5a95a4eaab902cfca libxslt-1.1.43-x86_64-1_slack15.0.txz Slackware -current package: eeac82872efa4ab96e496f8cdfdca5c3 l/libxslt-1.1.43-i686-1.txz Slackware x86_64 -current package: dc967349f714ec44bafee793def22bd5 l/libxslt-1.1.43-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libxslt-1.1.43-i586-1_slack15.0.txz +-----+ . New libxslt packages for Slackware 15.0 fix important security issues related to use-after-free vulnerabilities.. libxslt, packages, slackware, -current, security, -----begi. . Severity: Important. LinuxSecurity.com Team
New libarchive packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2024-258-01) New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libarchive-3.7.5-i586-1_slack15.0.txz: Upgraded. This update fixes the following security issues: fix multiple vulnerabilities identified by SAST (#2251, #2256) cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258) lzop: prevent integer overflow (#2174) rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696) rar4: fix CVE-2024-26256 (#2269) rar4: fix OOB in delta and audio filter (#2148, #2149) rar4: fix out of boundary access with large files (#2179) rar4: add boundary checks to rgb filter (#2210) rar4: fix OOB access with unicode filenames (#2203) rar5: clear 'data ready' cache on window buffer reallocs (#2265) rpm: calculate huge header sizes correctly (#2158) unzip: unify EOF handling (#2175) util: fix out of boundary access in mktemp functions (#2160) uu: stop processing if lines are too long (#2168) For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-20696 https://www.cve.org/CVERecord?id=CVE-2024-26256 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: f3b7cdacc3d264f4bcc20f078c0c22b4 libarchive-3.7.5-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 2845ee62628435d7995d5351d6e84e79 libarchive-3.7.5-x86_64-1_slack15.0.txz Slackware -current package: cb11536dc6673f3c6b848229129d0363 l/libarchive-3.7.5-i686-1.txz Slackware x86_64 -current package: 35ec40489069558505b9db8bd66ca2c2 l/libarchive-3.7.5-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libarchive-3.7.5-i586-1_slack15.0.txz +-----+ . New libarchive packages for Slackware 15.0 tackle various security concerns. Upgrading is advised for system protection.. libarchive Update, Slackware Security, Package Upgrade, SAST Issues, Linux Security Advisory. . Severity: Critical. LinuxSecurity.com Team
New httpd packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2024-200-01) New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.62-i586-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. The first CVE is for Windows, but the second one is an additional fix for the source code disclosure regression when using AddType. Users are recommended to upgrade to version 2.4.62 which fixes this issue. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-40898 https://www.cve.org/CVERecord?id=CVE-2024-40725 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.62-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.62-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.62-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.62-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 26f16142dba75d509e78213ca5b78258 httpd-2.4.62-i586-1_slack15.0.txz Slackware x86_64 15.0 package: ebaaed99b90d8085efd2ade4e61dec98 httpd-2.4.62-x86_64-1_slack15.0.txz Slackware -currentpackage: c07f7b99705234a02bc0abbfe24c77e6 n/httpd-2.4.62-i586-1.txz Slackware x86_64 -current package: 963391e1167fa2b20f31f222f23d90ae n/httpd-2.4.62-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.62-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ . Updated httpd packages for Slackware 15.0 released to mitigate serious security vulnerabilities and enhance stability through latest improvements.. Slackware httpd package upgrade, security advisory, apache fix, software update. . Severity: Important. LinuxSecurity.com Team
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-40ee18b2e7 2024-06-02 03:36:56.060441 -------------------------------------------------------------------------------- Name : rust-cpc Product : Fedora 39 Version : 1.9.3 Release : 3.fc39 URL : Summary : Evaluates math expressions, with support for units and conversion between units Description : Evaluates math expressions, with support for units and conversion between units. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 1.9.3-3 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces * Fri Jan 26 2024 Fedora Release Engineering - 1.9.3-2 -Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-40ee18b2e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ce2936b568 2024-05-26 01:25:15.719720 -------------------------------------------------------------------------------- Name : rust-uu_rm Product : Fedora 40 Version : 0.0.23 Release : 3.fc40 URL : Summary : rm ~ (uutils) remove PATHNAME Description : rm ~ (uutils) remove PATHNAME. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 0.0.23-3 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2024-ce2936b568' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.