
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE 15.6 TIFF Important Signed Integer Overflow Vuln 2026-1967-1

# Security update for tiff

Announcement ID: SUSE-SU-2026:1967-1
Release Date: 2026-05-18T08:13:02Z
Rating: important

References:
* bsc#1260411

Cross-References:
* CVE-2026-4775

CVSS scores:
* CVE-2026-4775 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4775 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for tiff fixes the following issue:

* CVE-2026-4775: signed integer overflow in the `putcontig8bitYCbCr44tile` function (bsc#1260411).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1967=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1967=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1967=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1967=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1967=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * tiff-debugsource-4.7.1-150600.3.26.1
  * tiff-debuginfo-4.7.1-150600.3.26.1
  * libtiff-devel-4.7.1-150600.3.26.1
  * libtiff6-4.7.1-150600.3.26.1
  * tiff-4.7.1-150600.3.26.1
  * libtiff6-debuginfo-4.7.1-150600.3.26.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libtiff-devel-64bit-4.7.1-150600.3.26.1
  * libtiff6-64bit-debuginfo-4.7.1-150600.3.26.1
  * libtiff6-64bit-4.7.1-150600.3.26.1
* openSUSE Leap 15.6 (x86_64)
  * libtiff6-32bit-debuginfo-4.7.1-150600.3.26.1
  * libtiff-devel-32bit-4.7.1-150600.3.26.1
  * libtiff6-32bit-4.7.1-150600.3.26.1
* openSUSE Leap 15.6 (noarch)
  * tiff-docs-4.7.1-150600.3.26.1
  * libtiff-devel-docs-4.7.1-150600.3.26.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * tiff-debugsource-4.7.1-150600.3.26.1
  * tiff-debuginfo-4.7.1-150600.3.26.1
  * libtiff-devel-4.7.1-150600.3.26.1
  * libtiff6-4.7.1-150600.3.26.1
  * libtiff6-debuginfo-4.7.1-150600.3.26.1
* Basesystem Module 15-SP7 (x86_64)
  * libtiff6-32bit-debuginfo-4.7.1-150600.3.26.1
  * libtiff6-32bit-4.7.1-150600.3.26.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * tiff-4.7.1-150600.3.26.1
  * tiff-debugsource-4.7.1-150600.3.26.1
  * tiff-debuginfo-4.7.1-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * tiff-debugsource-4.7.1-150600.3.26.1
  * tiff-debuginfo-4.7.1-150600.3.26.1
  * libtiff-devel-4.7.1-150600.3.26.1
  * libtiff6-4.7.1-150600.3.26.1
  * libtiff6-debuginfo-4.7.1-150600.3.26.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libtiff6-32bit-debuginfo-4.7.1-150600.3.26.1
  * libtiff6-32bit-4.7.1-150600.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * tiff-debugsource-4.7.1-150600.3.26.1
  * tiff-debuginfo-4.7.1-150600.3.26.1
  * libtiff-devel-4.7.1-150600.3.26.1
  * libtiff6-4.7.1-150600.3.26.1
  * libtiff6-debuginfo-4.7.1-150600.3.26.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libtiff6-32bit-debuginfo-4.7.1-150600.3.26.1
  * libtiff6-32bit-4.7.1-150600.3.26.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4775.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260411

SUSE provides an important update for tiff patching CVE-2026-4775 to enhance system security and stability.

Severity: Important.
LinuxSecurity.com Team

May 18, 2026, Important, SuSE

Oracle Linux 8: ELSA-2025-3210 Important Update: podman DoS

Oracle Linux Security Advisory ELSA-2025-3210

http://linux.oracle.com/errata/ELSA-2025-3210.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
buildah-tests-1.33.12-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.noarch.rpm
crit-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-devel-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
criu-libs-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90541+332b2aa7.x86_64.rpm
netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-catatonit-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-docker-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.noarch.rpm
podman-gvproxy-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-plugins-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-remote-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
podman-tests-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
python3-criu-3.18-5.module+el8.10.0+90541+332b2aa7.x86_64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.noarch.rpm
runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.x86_64.rpm
skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.x86_64.rpm
skopeo-tests-1.14.5-3.module+el8.10.0+90541+332b2aa7.x86_64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.x86_64.rpm
udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.noarch.rpm

aarch64:
aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
buildah-tests-1.33.12-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.noarch.rpm
conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.noarch.rpm
crit-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-devel-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
criu-libs-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
libslirp-devel-4.4.0-2.module+el8.10.0+90541+332b2aa7.aarch64.rpm
netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-catatonit-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-docker-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.noarch.rpm
podman-gvproxy-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-plugins-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-remote-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
podman-tests-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
python3-criu-3.18-5.module+el8.10.0+90541+332b2aa7.aarch64.rpm
python3-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.noarch.rpm
runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.aarch64.rpm
skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.aarch64.rpm
skopeo-tests-1.14.5-3.module+el8.10.0+90541+332b2aa7.aarch64.rpm
slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.aarch64.rpm
udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//aardvark-dns-1.10.1-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//buildah-1.33.12-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//cockpit-podman-84.1-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//conmon-2.1.10-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containernetworking-plugins-1.4.0-5.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//containers-common-1-82.0.1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//container-selinux-2.229.0-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//criu-3.18-5.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//crun-1.14.3-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//fuse-overlayfs-1.13-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//libslirp-4.4.0-2.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//netavark-1.10.3-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//podman-4.9.4-20.0.1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-podman-4.9.0-3.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//runc-1.1.12-6.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//skopeo-1.14.5-3.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//slirp4netns-1.2.3-1.module+el8.10.0+90541+332b2aa7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//udica-0.2.6-21.module+el8.10.0+90541+332b2aa7.src.rpm

Related CVEs:
CVE-2025-22869

Description of changes:

aardvark-dns

buildah

cockpit-podman

conmon

containernetworking-plugins

containers-common
[1-82.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)
[2:1-82]
- update vendored components
- Resolves: RHEL-40801
[2:1-81]
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110
[2:1-80]
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277
[2:1-59]
- update vendored components
- Related: Jira:RHEL-2110
[2:1-58]
- update vendored components
- Related: Jira:RHEL-2110
[2:1-57]
- fix shortnames for rhel-minimal
- Related: Jira:RHEL-2110
[2:1-56]
- implement GPG auto updating mechanism from redhat-release
- Resolves: #RHEL-2110
[2:1-55]
- update GPG keys to the current content of redhat-release
- Resolves: #RHEL-3164
[2:1-54]
- update vendored components and shortnames
- Related: #2176055
[2:1-53]
- update vendored components
- Related: #2176055
[2:1-52]
- update vendored components
- Related: #2176055
[2:1-51]
- be sure default_capabilities contain SYS_CHROOT
- Resolves: #2166195
[2:1-50]
- improve shortnames generation
- Related: #2176055
[2:1-49]
- update vendored components and configuration files
- Related: #2123641
[2:1-48]
- update vendored components and configuration files
- Related: #2123641
[2:1-47]
- enable NET_RAW capability for RHEL8 only
- Related: #2123641
[2:1-46]
- update vendored components and configuration files
- Related: #2123641
[2:1-45]
- update vendored components and configuration files
- Related: #2123641
[2:1-44]
- update vendored components and configuration files
- Related: #2123641
[2:1-43]
- update vendored components and configuration files
- Related: #2123641
[2:1-42]
- update vendored components and configuration files
- Related: #2123641
[2:1-41]
- add beta GPG key
- Related: #2123641
[2:1-40]
- add beta keys to default-policy.json
- Related: #2061390
[2:1-39]
- update shortnames
- Related: #2061390
[2:1-38]
- arch limitation because of go-md2man (missing on i686)
- Related: #2061390
[2:1-37]
- add install section
- update vendored components
- Related: #2061390
[2:1-36]
- remove aardvark-dns and netavark - packaged separately
- update vendored components and configuration files
- Related: #2061390
[2:1-35]
- update vendored components and configuration files
- Related: #2061390
[2:1-34]
- remove rhel-els and update shortnames
- Related: #2061390
[2:1-33]
- update shortnames
- Related: #2061390
[2:1-32]
- additional fix for unqualified registries
- Related: #2061390
[2:1-31]
- fix unqualified registries
- Related: #2061390
[2:1-30]
- update vendored components and configuration files
- Related: #2061390
[2:1-29]
- update unqualified registries list
- Related: #2061390
[2:1-28]
- update aardvark-dns and netavark to 1.0.3
- update vendored components
- Related: #2061390
[2:1-27]
- add man page sources too
- Related: #2061390
[2:1-26]
- add missing man pages from Fedora
- Related: #2061390
[2:1-25]
- allow consuming aardvark-dns and netavark from upstream branch
- Related: #2061390
[2:1-24]
- update to netavark and aardvark-dns 1.0.2
- update vendored components
- Related: #2061390
[2:1-23]
- update to netavark and aardvark-dns 1.0.1
- Related: #2001445
[2:1-22]
- build rust packages with RUSTFLAGS set to make ExecShield happy
- Related: #2001445
[2:1-21]
- do not specify infra_image in containers.conf
- needed to resolve gating test failures
- Related: #2001445
[2:1-20]
- update to netavark-1.0.0 and aardvark-dns-1.0.0
- Related: #2001445
[2:1-19]
- package aarvark-dns and netavark as part of the containers-common
- Related: #2001445
[2:1-18]
- update shortnames and vendored components
- Related: #2001445
[2:1-17]
- containers.conf should contain network_backend = "cni" in RHEL8.6
- Related: #2001445
[2:1-16]
- update vendored components and configuration files
- Related: #2001445
[2:1-15]
- sync vendored components
- Related: #2001445
[2:1-14]
- sync vendored components
- Related: #2001445
[2:1-13]
- update shortnames from Pyxis
- Related: #2001445
[2:1-12]
- do not allow broken content from Pyxis to land in shortnames.conf
- Related: #2001445
[2:1-11]
- sync vendored components
- update shortnames from Pyxis
- Related: #2001445
[2:1-10]
- use log_driver = "journald" and events_logger = "journald" for RHEL9
- Related: #2001445
[2:1-9]
- consume seccomp.json from the oldest vendored version of c/common, not main branch
- Related: #2001445
[2:1-8]
- update vendored components
- Related: #2001445
[2:1-7]
- make log_driver = "k8s-file" default in containers.conf
- Related: #2001445
[2:1-6]
- sync vendored components
- Related: #2001445
[2:1-5]
- update to the new vendored components
- Related: #2001445
[2:1-4]
- update to the new vendored components
- Related: #2001445
[2:1-3]
- update to the new vendored components
- Related: #2001445
[2:1-2]
- synchronize config files for RHEL-8.5
- Related: #1934415
[2:1-1]
- initial import
- Related: #1934415

container-selinux

criu

crun

fuse-overlayfs

libslirp

netavark

oci-seccomp-bpf-hook

podman
[4.9.4-20.0.1]
- Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813]
- Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36756665]
[4:4.9.4-20]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/0e11f82)
- fixes "CVE-2025-22869 container-tools:rhel8/podman: Potential denial of service in golang.org/x/crypto [rhel-8.10.z]"
- Resolves: RHEL-81299

python-podman

runc

skopeo

slirp4netns

udica

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Essential upgrades for Oracle Linux 8 container utilities released to resolve significant security vulnerabilities and ensure system reliability.

Severity: Important.
LinuxSecurity.com Team

Apr 04, 2025, Important, Oracle

Ubuntu 16.10: USN-3114-2 Moderate: Nginx Packaging Regression

=========================================================================
Ubuntu Security Notice USN-3114-2
October 27, 2016

nginx regression
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3114-1 introduced a regression in nginx packaging.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
  nginx-common 1.10.1-0ubuntu1.2
  nginx-core 1.10.1-0ubuntu1.2
  nginx-extras 1.10.1-0ubuntu1.2
  nginx-full 1.10.1-0ubuntu1.2
  nginx-light 1.10.1-0ubuntu1.2

Ubuntu 16.04 LTS:
  nginx-common 1.10.0-0ubuntu0.16.04.4
  nginx-core 1.10.0-0ubuntu0.16.04.4
  nginx-extras 1.10.0-0ubuntu0.16.04.4
  nginx-full 1.10.0-0ubuntu0.16.04.4
  nginx-light 1.10.0-0ubuntu0.16.04.4

Ubuntu 14.04 LTS:
  nginx-common 1.4.6-1ubuntu3.7
  nginx-core 1.4.6-1ubuntu3.7
  nginx-extras 1.4.6-1ubuntu3.7
  nginx-full 1.4.6-1ubuntu3.7
  nginx-light 1.4.6-1ubuntu3.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3114-2
  https://ubuntu.com/security/notices/USN-3114-1
  https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1637058

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.4
  https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.7

Nginx updates were rolled out in Ubuntu on October 22, 2017, addressing bugs stemming from earlier security patches.

LinuxSecurity.com Team

Oct 27, 2016, Ubuntu

Fedora 11 Update: Evolution-RSS Security Advisory for Firefox 3.5.3

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9505
2009-09-11 22:40:07
--------------------------------------------------------------------------------

Name        : evolution-rss
Product     : Fedora 11
Version     : 0.1.4
Release     : 3.fc11
URL         :
Summary     : Evolution RSS Reader
Description :
This is an evolution plugin which enables evolution to read rss feeds.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.3, fixing multiple security issues detailed in the upstream advisories: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.5/

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 9 2009 Jan Horak - 0.1.4-3
- Rebuild against newer gecko
* Wed Aug 26 2009 Lucian Langa - 0.1.4-2
- fix source
* Tue Aug 25 2009 Lucian Langa - 0.1.4-1
- force main render gecko
- drop patch0 fixed upstream
- new upstream release
* Mon Aug 3 2009 Christopher Aillon - 0.1.2-12
- Rebuild against newer gecko
* Fri Jul 17 2009 Jan Horak - 0.1.2-11
- Rebuild against newer gecko
* Tue Jun 30 2009 Christopher Aillon - 0.1.2-10
- Rebuild against newer gecko

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #521684 - CVE-2009-3069 Firefox 3.5 browser engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521684
[ 2 ] Bug #521686 - CVE-2009-3070 Firefox 3.5 3.0.14 browser engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521686
[ 3 ] Bug #521687 - CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521687
[ 4 ] Bug #521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521688
[ 5 ] Bug #521689 - CVE-2009-3073 Firefox 3.5 JavaScript engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521689
[ 6 ] Bug #521690 - CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521690
[ 7 ] Bug #521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes
      https://bugzilla.redhat.com/show_bug.cgi?id=521691
[ 8 ] Bug #521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability
      https://bugzilla.redhat.com/show_bug.cgi?id=521693
[ 9 ] Bug #521694 - CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters
      https://bugzilla.redhat.com/show_bug.cgi?id=521694
[ 10 ] Bug #521695 - CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter
      https://bugzilla.redhat.com/show_bug.cgi?id=521695

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update evolution-rss' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

The latest update in Fedora 11 enhances safety by resolving vulnerabilities in Firefox 3.5.3. Implement it immediately to protect systems.

Severity: Critical.
LinuxSecurity.com Team

Sep 11, 2009, Critical, Fedora

Red Hat: RHSA-2021:4801-01 Critical: Freetype Buffer Overflow

====================================================================
Red Hat Security Advisory

Synopsis:          Important: freetype security update
Advisory ID:       RHSA-2009:1061-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2009:1061.html
Issue date:        2009-05-22
CVE Names:         CVE-2009-0946
====================================================================

1. Summary:

Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.

Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946)

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

491384 - CVE-2009-0946 freetype: multiple integer overflows

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm

x86_64:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-2.2.1-21.el5_3.x86_64.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-demos-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm

x86_64:
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.x86_64.rpm
freetype-demos-2.2.1-21.el5_3.x86_64.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-demos-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm

ia64:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-2.2.1-21.el5_3.ia64.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.ia64.rpm
freetype-demos-2.2.1-21.el5_3.ia64.rpm
freetype-devel-2.2.1-21.el5_3.ia64.rpm

ppc:
freetype-2.2.1-21.el5_3.ppc.rpm
freetype-2.2.1-21.el5_3.ppc64.rpm
freetype-debuginfo-2.2.1-21.el5_3.ppc.rpm
freetype-debuginfo-2.2.1-21.el5_3.ppc64.rpm
freetype-demos-2.2.1-21.el5_3.ppc.rpm
freetype-devel-2.2.1-21.el5_3.ppc.rpm
freetype-devel-2.2.1-21.el5_3.ppc64.rpm

s390x:
freetype-2.2.1-21.el5_3.s390.rpm
freetype-2.2.1-21.el5_3.s390x.rpm
freetype-debuginfo-2.2.1-21.el5_3.s390.rpm
freetype-debuginfo-2.2.1-21.el5_3.s390x.rpm
freetype-demos-2.2.1-21.el5_3.s390x.rpm
freetype-devel-2.2.1-21.el5_3.s390.rpm
freetype-devel-2.2.1-21.el5_3.s390x.rpm

x86_64:
freetype-2.2.1-21.el5_3.i386.rpm
freetype-2.2.1-21.el5_3.x86_64.rpm
freetype-debuginfo-2.2.1-21.el5_3.i386.rpm
freetype-debuginfo-2.2.1-21.el5_3.x86_64.rpm
freetype-demos-2.2.1-21.el5_3.x86_64.rpm
freetype-devel-2.2.1-21.el5_3.i386.rpm
freetype-devel-2.2.1-21.el5_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2009-0946
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2009 Red Hat, Inc.

Crucial security patch for freetype on Red Hat Enterprise Linux focused on fixing integer overflow vulnerabilities and mitigating crash risks.

Severity: Important.
LinuxSecurity.com Team

May 22, 2009, Important, Red Hat

Fedora: Fedora-2006-166 Moderate: gnome-vfs2 Packaging Error Fix

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-166
2006-03-24
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : gnome-vfs2
Version     : 2.14.0
Release     : 2
Summary     : The GNOME virtual file-system libraries.
Description :
GNOME VFS is the GNOME virtual file system. It is the foundation of the Nautilus file manager. It provides a modular architecture and ships with several modules that implement support for file systems, http, ftp, and others. It provides a URI-based API, backend supporting asynchronous file operations, a MIME type manipulation library, and other features.

---------------------------------------------------------------------
Update Information:

A new version of the gnome-vfs2 package fixes a packaging error.

---------------------------------------------------------------------
* Wed Mar 15 2006 Ray Strode - 2.14.0-2
- don't try to install a schema we don't ship anymore (bug 185549)

---------------------------------------------------------------------
This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

---------------------------------------------------------------------
fedora-announce-list mailing list

The recent update for the gnome-vfs2 package in Fedora addresses a packaging issue, leading to improved performance.

LinuxSecurity.com Team

Mar 24, 2006, Fedora