Important: perl-XML-Parser security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:7681", "synopsis": "Important: perl-XML-Parser security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-XML-Parser.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.\n\nSecurity Fix(es):\n\n* perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n\n* perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2448999", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999", "description": ""}, {"ticket": "2449001", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001", "description": ""}], "cves": [{"name": "CVE-2006-10002", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-10002", "cvss3ScoringVector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe":"CWE-131"}, {"name": "CVE-2006-10003", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-10003", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-193"}], "references": [], "publishedAt": "2026-04-14T12:01:12.815874Z", "rpms": {"Rocky Linux 8": {"nvras": ["perl-XML-Parser-0:2.44-12.el8_10.aarch64.rpm", "perl-XML-Parser-0:2.44-12.el8_10.src.rpm", "perl-XML-Parser-0:2.44-12.el8_10.x86_64.rpm", "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64.rpm", "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64.rpm", "perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64.rpm", "perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical updates for perl-XML-Parser in Rocky Linux addressing XML parsing issues, ensuring system security.. perlextensions,nestedXML,heapcorruption. . Severity: Important. LinuxSecurity.com Team
New libxml2 packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libxml2 (SSA:2026-070-02) New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libxml2-2.11.9-i586-8_slack15.0.txz: Rebuilt. This update fixes security issues: CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c CVE-2026-0990 fix: Prevent infinite recursion in xmlCatalogListXMLResolve CVE-2026-0992 fix: Exponential behavior when handling parser: Fix infinite loop in xmlCtxtParseContent CVE-2025-10911 libxslt related: Ignore next/prev of documents when traversing XPath CVE-2026-0989 fix: Add RelaxNG include limit Thanks to r1w1s1 for locating the backported patches. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-1757 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://www.cve.org/CVERecord?id=CVE-2025-10911 https://www.cve.org/CVERecord?id=CVE-2026-0989 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. 
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.9-i586-8_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.9-x86_64-8_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.15.2-i686-1.txz Updated package for Slackware x86_64-current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.15.2-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 5868328f253dc7040729ef0b057a429c libxml2-2.11.9-i586-8_slack15.0.txz Slackware x86_64 15.0 package: 7969553fbdf9ffdce4bfec2619ff38a6 libxml2-2.11.9-x86_64-8_slack15.0.txz Slackware -current package: a474110a92bac5d51ac8fb62c270b10d l/libxml2-2.15.2-i686-1.txz Slackware x86_64 -current package: 484f22dfed7a7391119bd53bebf8480f l/libxml2-2.15.2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libxml2-2.11.9-i586-8_slack15.0.txz +-----+ . New libxml2 packages for Slackware address several security fixes including memory leaks and infinite loop issues.. libxml2 packages Slackware updates security fixes. . Severity: Important. LinuxSecurity.com Team
uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a77c1f005b 2025-11-03 01:05:58.219415+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-aws-v4 Product : Fedora 42 Version : 2.0.0 Release : 1.fc42 URL : https://crates.io/crates/reqsign-aws-v4 Summary : AWS SigV4 signing implementation for reqsign Description : AWS SigV4 signing implementation for reqsign. -------------------------------------------------------------------------------- Update Information: uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1 Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2025 Benjamin A. Beasley - 2.0.0-1 - Update to version 2.0.0 * Sat Oct 11 2025 Benjamin A. 
Beasley - 1.0.0-1 - Initial package (close RHBZ#2400195) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405474 [ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405476 [ 9 ] Bug #2406135 - ruff-0.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406135 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
crosswords 0.3.13. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-e4717532c4 2024-05-25 01:04:07.908862 -------------------------------------------------------------------------------- Name : libipuz Product : Fedora 40 Version : 0.4.6.2 Release : 1.fc40 URL : Summary : Library for parsing .ipuz puzzle files Description : This is a library for parsing .ipuz puzzle files, for crossword puzzles, sudokus, etc. The library only handles crosswords for now. -------------------------------------------------------------------------------- Update Information: crosswords 0.3.13 -------------------------------------------------------------------------------- ChangeLog: * Mon May 20 2024 Davide Cavalca - 0.4.6.2-1 - Update to 0.4.6.2; Fixes: RHBZ#2281417 * Wed Mar 20 2024 Davide Cavalca - 0.4.5-4 - Add rust support in preparation for 0.4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2281417 - libipuz-0.4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2281417 [ 2 ] Bug #2281577 - crosswords-0.3.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2281577 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-e4717532c4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- enable s390x build (rhbz#1971028). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-37aef44d1e 2022-07-30 01:52:05.591856 -------------------------------------------------------------------------------- Name : golang-github-quay-goval-parser Product : Fedora 36 Version : 0.8.6 Release : 5.fc36 URL : https://github.com/quay/goval-parser Summary : OVAL parser written in go Description : OVAL parser written in go. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- enable s390x build (rhbz#1971028) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G 0.8.6-5 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 -------------------------------------------------------------------------------- Name : golang-github-euank-kmsg-parser Product : Fedora 36 Version : 2.0.1 Release : 9.fc36 URL : https://github.com/euank/go-kmsg-parser Summary : Simpler parser for the /dev/kmsg format Description : This package contains a library to allow parsing the /dev/kmsg device in Linux. This device provides a read-write interface to the Linux Kernel's ring buffer. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G - 2.0.1-9 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key.
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956). MGASA-2020-0020 - Updated libxml2 packages fix security vulnerability Publication date: 05 Jan 2020 URL: https://advisories.mageia.org/MGASA-2020-0020.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-19956 The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956) References: - https://bugs.mageia.org/show_bug.cgi?id=25985 - https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html - https://www.cve.org/CVERecord?id=CVE-2019-19956 SRPMS: - 7/core/libxml2-2.9.9-2.1.mga7 . Revised libxml2 frameworks for Mageia address a memory leak flaw, reinforcing overall system reliability and security. libxml2 security, Mageia update, memory leak fix, parser vulnerability. Severity: Critical. LinuxSecurity.com Team
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libmirage ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2095-1 Rating: moderate References: #1148728 Cross-References: CVE-2019-15757 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libmirage fixes the following issues: Security issues fixed: - CVE-2019-15757: Fixed NULL pointer dereference in the NRG parser (boo#1148728). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2095=1 Package List: - openSUSE Leap 15.0 (x86_64): libmirage-3_2-3.2.2-lp150.2.6.1 libmirage-3_2-debuginfo-3.2.2-lp150.2.6.1 libmirage-debuginfo-3.2.2-lp150.2.6.1 libmirage-debugsource-3.2.2-lp150.2.6.1 libmirage-devel-3.2.2-lp150.2.6.1 libmirage11-3.2.2-lp150.2.6.1 libmirage11-debuginfo-3.2.2-lp150.2.6.1 typelib-1_0-libmirage-3_2-3.2.2-lp150.2.6.1 - openSUSE Leap 15.0 (noarch): libmirage-data-3.2.2-lp150.2.6.1 libmirage-lang-3.2.2-lp150.2.6.1 References: https://www.suse.com/security/cve/CVE-2019-15757.html https://bugzilla.suse.com/1148728 -- . Important patch for libmirage in openSUSE addresses NULL pointer dereference vulnerabilities and improves security measures.. openSUSE Libmirage Patch, Security Update, NULL Pointer Fix. . LinuxSecurity.com Team