Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 99 articles for you...
89
security advisoryfedoraperformance enhancementFedora 43: Forgejo Bugfix Update Release 2025-210aed9692 Available
This is an upstream bugfix release. Please refer to the upstream release notes for details about changes in this version.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-210aed9692 2025-09-14 00:15:28.906619+00:00 -------------------------------------------------------------------------------- Name : forgejo Product : Fedora 43 Version : 12.0.2 Release : 1.fc43 URL : https://forgejo.org Summary : A lightweight software forge Description : Forgejo (pronounced /for\u02c8d\u0361\u0292e.jo/) is a lightweight software forge. Use it to host git repositories, track their issues and allow people to contribute to them! -------------------------------------------------------------------------------- Update Information: This is an upstream bugfix release. Please refer to the upstream release notes for details about changes in this version. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 4 2025 Nils Philippsen - 12.0.2-1 - Update to version 12.0.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-210aed9692' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 updates forgejo to version 12.0.2, incorporating various bug fixes designed to enhance performance and reliability. Check the release notes for further information.. Forgejo Update,Fedora Software,Software Forge. . Severity: Important. LinuxSecurity.com Team
Sep 14, 2025
•Important
Fedora
89
security advisoryupdateFedoraFedora 40: FEDORA-2024-075f626765 critical: uv command injection fix
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: ⢠âï¸ Drop-in replacement for common pip, pip-tools, and virtualenv commands. 10-100x faster than pip and pip-tools (pip-compile and pip-sync). . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-075f626765 2024-12-07 06:06:15.606807+00:00 -------------------------------------------------------------------------------- Name : uv Product : Fedora 40 Version : 0.5.5 Release : 2.fc40 URL : https://github.com/astral-sh/uv Summary : An extremely fast Python package installer and resolver, written in Rust Description : An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: Drop-in replacement for common pip, pip-tools, and virtualenv commands. 10-100x faster than pip and pip-tools (pip-compile and pip-sync). Disk-space efficient, with a global cache for dependency deduplication. Installable via curl, pip, pipx, etc. uv is a static binary that can be installed without Rust or Python. Tested at-scale against the top 10,000 PyPI packages. Support for macOS, Linux, and Windows. Advanced features such as dependency version overrides and alternative resolution strategies. Best-in-class error messages with a conflict-tracking resolver. Support for a wide range of advanced pip features, including editable installs, Git dependencies, direct URL dependencies, local dependencies, constraints, source distributions, HTML and JSON indexes, and more. -------------------------------------------------------------------------------- Update Information: Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes. By updating to a current release ofuv, this update fixes CVE-2024-53899, which was originally reported against virtualenv but which was also reproducible on uv 0.5.2 and earlier. See upstream issue #9424 for more details. This update adds a default system-wide configuration file /etc/uv/uv.toml with settings specific to Fedora. The RPM-packaged uv now deviates from the default configuration in two ways. First, we set "python-downloads" to "manual" in order to avoid unintended Python downloads. We suggest using RPM-packaged (system) Pythons that benefit from distribution maintenance and integration. Use uv python install to manually install managed Pythons. Second, we set "python-preference" to "system" instead of "managed". Otherwise, any managed Python would be used for uv operations where no particular Python is specified, even if the only available managed Python were much older than the primary system Python. No choices can be appropriate for all users and applications. To restore the default behavior, comment out settings in this file or override them in a configuration file with higher precedence, such as a user-level configuration file. See https://docs.astral.sh/uv/configuration/files/ for details on the interaction of project-, user-, and system-level configuration files. With 0.5.0, uv introduced several potentially breaking changes. The developers write that these are âchanges that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.â Use base executable to set virtualenv Python path Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the installer Discover and respect .python-version files in parent directories Error when disallowed settings are defined in uv.toml Implement PEP 440-compliant local version semantics Treat the base Conda environment as a system environment Do not allowpre-releases when the != operator is used Prefer USERPROFILE over FOLDERID_Profile when selecting a home directory on Windows Improve interactions between color environment variables and CLI options Make allow-insecure-host a global option Only write .python-version files during uv init for workspace members if the version differs For detailed discussion of these changes, please see https://github.com/astral-sh/uv/releases/tag/0.5.0. For other fixes, enhancements, and changes in this update, please consult the following: https://github.com/astral-sh/uv/releases/tag/0.5.1 https://github.com/astral-sh/uv/releases/tag/0.5.2 https://github.com/astral-sh/uv/releases/tag/0.5.3 https://github.com/astral-sh/uv/releases/tag/0.5.4 https://github.com/astral-sh/uv/releases/tag/0.5.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 28 2024 Benjamin A. Beasley - 0.5.5-2 - Revert "Backport a path-escaping fix for the batch activation script" * Wed Nov 27 2024 Benjamin A. Beasley - 0.5.5-1 - Update to 0.5.5 (close RHBZ#2329188) * Wed Nov 27 2024 Benjamin A. Beasley - 0.5.4-2 - Backport a path-escaping fix for the batch activation script * Thu Nov 21 2024 Benjamin A. Beasley - 0.5.4-1 - Update to 0.5.4 (close RHBZ#2327512) * Thu Nov 21 2024 Benjamin A. Beasley - 0.5.3-1 - Update to 0.5.3 * Tue Nov 19 2024 Benjamin A. Beasley - 0.5.2-2 - Stop loosening the mailparse dependency version bound * Mon Nov 18 2024 Benjamin A. Beasley - 0.5.2-1 - Update to 0.5.2 (close RHBZ#2323792) * Sat Nov 16 2024 Benjamin A. Beasley - 0.5.1-1 - Update to 0.5.1 * Sat Nov 16 2024 Benjamin A. Beasley - 0.5.0-1 - Update to 0.5.0 * Thu Nov 14 2024 Benjamin A. Beasley - 0.4.30-4 - Also configure python-preference = "system" * Thu Nov 14 2024 Benjamin A. Beasley - 0.4.30-3 - Install a default system-wide uv.toml - Configure python-downloads ="manual" -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327512 - uv-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2327512 [ 2 ] Bug #2328745 - CVE-2024-53899 uv: potential command injection via virtual environment activation scripts [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2328745 [ 3 ] Bug #2329188 - uv-0.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2329188 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-075f626765' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . Enhance uv in Fedora 40 to boost efficiency and address critical security vulnerabilities within this Python package manager.. Fedora 40 uv package, Python package installer, command injection fix, enhanced performance, update notification. . Severity: Critical. LinuxSecurity.com Team
Dec 07, 2024
•Critical
Fedora
89
security advisorydenial of serviceupdateFedora 39: 2024-40ee18b2e7 Moderate: Rust Bodhi CLI Denial-Of-Service
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-40ee18b2e7 2024-06-02 03:36:56.060441 -------------------------------------------------------------------------------- Name : rust-bodhi-cli Product : Fedora 39 Version : 2.1.2 Release : 2.fc39 URL : Summary : Bodhi CLI client based on bodhi-rs Description : Bodhi CLI client based on bodhi-rs. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 2.1.2-2 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su-c 'dnf upgrade --advisory FEDORA-2024-40ee18b2e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 02, 2024
Fedora
89
security advisoryFedoraapplication updateFedora 40: 2024-ce2936b568 Moderate: Rust-Rav1e Denial-of-Service Fix
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ce2936b568 2024-05-26 01:25:15.719720 -------------------------------------------------------------------------------- Name : rust-rav1e Product : Fedora 40 Version : 0.7.1 Release : 2.fc40 URL : Summary : Fastest and safest AV1 encoder Description : The fastest and safest AV1 encoder. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 0.7.1-2 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2024-ce2936b568' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 26, 2024
Fedora
89
security advisorysecurity updateFedoraFedora 40: FEDORA-2024-6574d3c361 Moderate: .NET 8.0 Security Update
This is the March 2024 monthly update for .NET 8 for Fedora. Release Notes: notes/8.0/8.0.3/8.0.3.md. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-6574d3c361 2024-04-19 21:20:20.797385 -------------------------------------------------------------------------------- Name : dotnet8.0 Product : Fedora 40 Version : 8.0.103 Release : 1.fc40 URL : https://github.com/dotnet/ Summary : .NET Runtime and SDK Description : .NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. -------------------------------------------------------------------------------- Update Information: This is the March 2024 monthly update for .NET 8 for Fedora. Release Notes: notes/8.0/8.0.3/8.0.3.md -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 26 2024 Omair Majid - 8.0.103-1 - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Add dotnet.macros with %dotnet_runtime_arch and %dotnet_runtime_id -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6574d3c361' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 19, 2024
Fedora
89
security advisoryFedorakernel fixFedora 39: 2024-33a9ea72d1 Critical: Kernel Fixes and Updates
The 6.8.5 stable kernel update contains a number of important fixes across the tree. . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-33a9ea72d1 2024-04-13 01:13:12.184317 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 39 Version : 6.8.5 Release : 201.fc39 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.8.5 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 11 2024 Justin M. Forbes [6.8.5-201] - Revert "cpupower: Bump soname version" (Justin M. Forbes) - Drop soname for libcpupower.so since we reverted the bump (Justin M. Forbes) - nouveau: fix devinit paths to only handle display on GSP. (Dave Airlie) - Add bluetooth bug to Bugsfixed for 6.8.6 (Justin M. Forbes) - Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit (Archie Pusaka) * Wed Apr 10 2024 Justin M. Forbes [6.8.5-0] - Set configs for SPECTRE_BHI (Justin M. Forbes) - Add AMD PMF bug (Justin M. Forbes) - redhat/configs: Enable CONFIG_AMDTEE for x86 (David Arcari) - Add CVE fix for 6.8.5 (Justin M. Forbes) - Linux v6.8.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2273968 - CVE-2024-26811 kernel: ksmbd: validate payload size in ipc response [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2273968 [ 2 ] Bug #2274047 - Bluetooth headset partially connects under some circumstances with blues 5.73-3.fc40.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=2274047 [ 3 ] Bug #2274069 - AMD-PMF driver fails to load on kernel- 6.8.4-300.fc40.x86_64. Resulting in GPUfailing to use full gpu available watts. https://bugzilla.redhat.com/show_bug.cgi?id=2274069 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-33a9ea72d1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 13, 2024
•Critical
Fedora
217
security advisorykernel updatesecurity patchOracle Linux 7 ELSA-2024-1249 Critical Security: Kernel Update
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-1249 https://linux.oracle.com/errata/ELSA-2024-1249.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1160.114.2.0.1.el7.noarch.rpm kernel-debug-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-doc-3.10.0-1160.114.2.0.1.el7.noarch.rpm kernel-headers-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.114.2.0.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.114.2.0.1.el7.x86_64.rpm perf-3.10.0-1160.114.2.0.1.el7.x86_64.rpm python-perf-3.10.0-1160.114.2.0.1.el7.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-3.10.0-1160.114.2.0.1.el7.src.rpm Related CVEs: CVE-2022-42896 CVE-2023-4921 CVE-2023-38409 CVE-2023-45871 CVE-2024-1086 CVE-2024-26602 Description of changes: [3.10.0-1160.114.2.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.114.2.el7.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(
Mar 21, 2024
•Critical
Oracle
89
security advisorysoftware updateFedoraFedora 39: FEDORA-2024-14dea9640b critical: firefox update 122.0
- Updated to new upstream (122.0). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-14dea9640b 2024-01-25 00:38:48.211361 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 39 Version : 122.0 Release : 1.fc39 URL : https://www.firefox.com/en-US/?redirect_source=mozilla-org Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: - Updated to new upstream (122.0) -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 19 2024 Martin Stransky - 122.0-1 - Update to 122.0 * Fri Jan 19 2024 Fedora Release Engineering - 121.0.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-14dea9640b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jan 25, 2024
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!