Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisorysecurity issuefedoraCritical PAX Header Fix for rust-reqsign-file-read-tokio in Fedora 42
uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a77c1f005b 2025-11-03 01:05:58.219415+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-file-read-tokio Product : Fedora 42 Version : 2.0.0 Release : 1.fc42 URL : https://crates.io/crates/reqsign-file-read-tokio Summary : Tokio-based file reader implementation for reqsign Description : Tokio-based file reader implementation for reqsign. -------------------------------------------------------------------------------- Update Information: uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1 Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2025 Benjamin A. Beasley - 2.0.0-1 - Update to version 2.0.0 * Wed Oct 8 2025 Benjamin A. Beasley - 1.0.0-1 - Initial package (close RHBZ#2400101) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405474 [ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405476 [ 9 ] Bug #2406135 - ruff-0.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406135 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 03, 2025
•Critical
Fedora
89
security advisorydenial of servicefedoraFedora 42: ruff 0.14.2 Important Parser Fix CVE-2025-62518 Advisory
uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a77c1f005b 2025-11-03 01:05:58.219415+00:00 -------------------------------------------------------------------------------- Name : ruff Product : Fedora 42 Version : 0.14.2 Release : 1.fc42 URL : https://github.com/astral-sh/ruff Summary : Extremely fast Python linter and code formatter Description : An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool. -------------------------------------------------------------------------------- Update Information: uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1 Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2025 Benjamin A. Beasley - 0.14.2-1 - Update to version 0.14.2; FixesRHBZ#2406135 * Wed Oct 22 2025 Benjamin A. Beasley - 0.14.1-2 - Double _smp_tasksize_proc again - Builds for F41 were failing consistently on s390x * Mon Oct 20 2025 Benjamin A. Beasley - 0.14.1-1 - Update to 0.14.1 (close RHBZ#2360699) * Mon Oct 20 2025 Benjamin A. Beasley - 0.14.0-2 - Skip salsa\u2019s execute_cancellation tests on all architectures * Mon Oct 20 2025 Benjamin A. Beasley - 0.14.0-1 - Update to 0.14.0 * Mon Oct 20 2025 Benjamin A. Beasley - 0.13.3-1 - Update to 0.13.3 * Mon Oct 20 2025 Benjamin A. Beasley - 0.13.2-1 - Update to 0.13.2 * Thu Oct 16 2025 Gordon Messmer - 0.12.1-2 - Use rpm's native resource tunable to limit parallelism. * Wed Sep 24 2025 Benjamin A. Beasley - 0.12.1-1 - Update to 0.12.1 * Wed Sep 24 2025 Benjamin A. Beasley - 0.12.0-1 - Update to 0.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405474 [ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2405476 [ 9 ] Bug #2406135 - ruff-0.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406135 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . A security advisory for Fedora 42 regarding ruff 0.14.2 that addresses a critical parser issue. Immediate action is needed.. Fedora ruff update, security advisory Fedora 42, Python linter security fix, denial of service ruff. . Severity: Important. LinuxSecurity.com Team
Nov 03, 2025
•Important
Fedora
202
security advisorymoderateopenSUSEopenSUSE: 2019:2438-1 Moderate: Python3 Parser Fix and XSS
An update that solves two vulnerabilities and has three fixes is now available.. openSUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2438-1 Rating: moderate References: #1149121 #1149792 #1149955 #1151490 #1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2438=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libpython3_6m1_0-3.6.9-lp151.6.4.1 libpython3_6m1_0-debuginfo-3.6.9-lp151.6.4.1 python3-3.6.9-lp151.6.4.1 python3-base-3.6.9-lp151.6.4.1 python3-base-debuginfo-3.6.9-lp151.6.4.1 python3-base-debugsource-3.6.9-lp151.6.4.1 python3-curses-3.6.9-lp151.6.4.1 python3-curses-debuginfo-3.6.9-lp151.6.4.1 python3-dbm-3.6.9-lp151.6.4.1 python3-dbm-debuginfo-3.6.9-lp151.6.4.1 python3-debuginfo-3.6.9-lp151.6.4.1 python3-debugsource-3.6.9-lp151.6.4.1 python3-devel-3.6.9-lp151.6.4.1 python3-devel-debuginfo-3.6.9-lp151.6.4.1 python3-idle-3.6.9-lp151.6.4.1 python3-testsuite-3.6.9-lp151.6.4.1 python3-testsuite-debuginfo-3.6.9-lp151.6.4.1 python3-tk-3.6.9-lp151.6.4.1 python3-tk-debuginfo-3.6.9-lp151.6.4.1 python3-tools-3.6.9-lp151.6.4.1 - openSUSE Leap 15.1 (x86_64): libpython3_6m1_0-32bit-3.6.9-lp151.6.4.1 libpython3_6m1_0-32bit-debuginfo-3.6.9-lp151.6.4.1 python3-32bit-3.6.9-lp151.6.4.1 python3-32bit-debuginfo-3.6.9-lp151.6.4.1 python3-base-32bit-3.6.9-lp151.6.4.1 python3-base-32bit-debuginfo-3.6.9-lp151.6.4.1 References: https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-16935.html https://bugzilla.suse.com/1149121 https://bugzilla.suse.com/1149792 https://bugzilla.suse.com/1149955 https://bugzilla.suse.com/1151490 https://bugzilla.suse.com/1153238 -- . A recent openSUSE upgrade resolves moderate security flaws in python3, correcting parser bugs and mitigating XSS vulnerabilities.. openSUSE Updates, Python3 Security, Application Fixes, Security Patches. . LinuxSecurity.com Team
Nov 05, 2019
OpenSUSE
89
security advisorycritical issueFedoraFedora 24: 2016-ca6cc3ce3e Critical: GStreamer Parser Fix
Fix h264 and h265 parser size checks. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-ca6cc3ce3e 2016-12-09 19:11:31.105603 -------------------------------------------------------------------------------- Name : gstreamer1-plugins-bad-free Product : Fedora 24 Version : 1.8.3 Release : 3.fc24 URL : https://gstreamer.freedesktop.org/ Summary : GStreamer streaming media framework "bad" plugins Description : GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality. -------------------------------------------------------------------------------- Update Information: Fix h264 and h265 parser size checks -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401946 - CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 gstreamer1-plugins-bad-free: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1401946 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gstreamer1-plugins-bad-free' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 10, 2016
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!