Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 37 articles for you...
89

Fedora 41: FEDORA-2025-051becf4f2 moderate: perl-Compress-Raw-Lzma heap bug

xz 5.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-051becf4f2 2025-05-10 01:58:21.497365+00:00 -------------------------------------------------------------------------------- Name : perl-Compress-Raw-Lzma Product : Fedora 41 Version : 2.212 Release : 6.fc41 URL : https://metacpan.org/dist/Compress-Raw-Lzma Summary : Low-level interface to lzma compression library Description : This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma. -------------------------------------------------------------------------------- Update Information: xz 5.8.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Richard W.M. Jones - 2.212-6 - Rebuild against xz 5.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357253 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-051becf4f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Upgrade Fedora 41 to include perl-Compress-Raw-Lzma to fix heap vulnerability in xz compression algorithm.. Fedora 41, perl-Compress-Raw-Lzma, compression issues, xz update. . LinuxSecurity.com Team

Calendar%202 May 10, 2025 Fedora
89

Fedora 40: 2025-4871b31998 moderate: perl-Compress-Raw-Lzma heap bug

xz 5.8.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4871b31998 2025-05-10 01:38:46.492145+00:00 -------------------------------------------------------------------------------- Name : perl-Compress-Raw-Lzma Product : Fedora 40 Version : 2.209 Release : 9.fc40 URL : https://metacpan.org/dist/Compress-Raw-Lzma Summary : Low-level interface to lzma compression library Description : This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma. -------------------------------------------------------------------------------- Update Information: xz 5.8.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Richard W.M. Jones - 2.209-9 - Rebuild against xz 5.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357251 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2357251 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4871b31998' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . The perl-Compress-Raw-Lzma package in Fedora 40 has been enhanced to resolve a heap overflow issue found in the xz library, thereby boosting both its stability and security.. perl module, xz library, Fedora 40, security advisory, compression update. . LinuxSecurity.com Team

Calendar%202 May 10, 2025 Fedora
89

Fedora 40: perl-Devel-Cover moderate: fix heap overflow issue

Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8445f115f6 2025-04-30 01:59:13.913476+00:00 -------------------------------------------------------------------------------- Name : perl-Devel-Cover Product : Fedora 40 Version : 1.40 Release : 9.fc40 URL : https://metacpan.org/dist/Devel-Cover Summary : Code coverage metrics for Perl Description : This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an indirect measure of quality. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.40-9 - Rebuild for Perl 5.38.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2359474 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2359474 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8445f115f6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Patch for Perl memory overflow impacting Fedora 40 to enhance test coverage reports. Apply the update immediately!. Fedora 40, Perl module, heap overflow, code coverage. . LinuxSecurity.com Team

Calendar%202 Apr 30, 2025 Fedora
89

Fedora 41: 2025-11fcc87c66 critical: perl-Devel-Cover heap overflow

Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-11fcc87c66 2025-04-22 01:21:35.352714+00:00 -------------------------------------------------------------------------------- Name : perl-Devel-Cover Product : Fedora 41 Version : 1.44 Release : 4.fc41 URL : https://metacpan.org/dist/Devel-Cover Summary : Code coverage metrics for Perl Description : This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an indirect measure of quality. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.44-4 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2359475 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2359475 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-11fcc87c66' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Addressed memory overflow issues in perl-Devel-Cover for Fedora 41 to enhance both security measures and metrics for code coverage.. Fedora security, perl security fix, heap overflow patch, code coverage metrics. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 22, 2025 Critical Fedora
89

Fedora 41: FEDORA-2025-11fcc87c66 critical: perl-PAR-Packer buffer overflow

Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-11fcc87c66 2025-04-22 01:21:35.352714+00:00 -------------------------------------------------------------------------------- Name : perl-PAR-Packer Product : Fedora 41 Version : 1.063 Release : 5.fc41 URL : https://metacpan.org/dist/PAR-Packer Summary : PAR Packager Description : This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.063-5 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2359475 - CVE-2024-56406 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2359475 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-11fcc87c66' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora 41's perl-PAR-Packer update fixes a critical buffer overflow bug, CVE-2024-56406, with easy installation steps.. Fedora 41, perl-PAR-Packer, buffer overflow fix, software update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 22, 2025 Critical Fedora
89

Fedora 42: 2025-26c0346398 critical: perl-Devel-Cover code coverage fix

Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-26c0346398 2025-04-17 18:59:47.310510+00:00 -------------------------------------------------------------------------------- Name : perl-Devel-Cover Product : Fedora 42 Version : 1.44 Release : 5.fc42 URL : https://metacpan.org/dist/Devel-Cover Summary : Code coverage metrics for Perl Description : This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an indirect measure of quality. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.44-5 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora 42's latest patch resolves CVE-2024-56406 found in perl-Devel-Cover, improving the accuracy of code coverage statistics.. Fedora 42, perl Devel-Cover, security update, code coverage, vulnerability fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 17, 2025 Critical Fedora
89

Fedora 42: perl-PAR-Packer 2025-26c0346398 critical: CVE-2024-56406 fix

Fix CVE-2024-56406. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-26c0346398 2025-04-17 18:59:47.310510+00:00 -------------------------------------------------------------------------------- Name : perl-PAR-Packer Product : Fedora 42 Version : 1.063 Release : 6.fc42 URL : https://metacpan.org/dist/PAR-Packer Summary : PAR Packager Description : This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files. -------------------------------------------------------------------------------- Update Information: Fix CVE-2024-56406 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2025 Jitka Plesnikova - 1.063-6 - Rebuild for Perl 5.40.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Ubuntu 22.10 patch resolvessignificant python-requests vulnerability CVE-2024-67321 for improved protection.. perl-PAR-Packer update, Fedora security advisory, CVE-2024-56406. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 17, 2025 Critical Fedora
202

openSUSE: 2025:0123-1 moderate: perl-Data-Entropy security issue

An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for perl-Data-Entropy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0123-1 Rating: moderate References: #1240395 Cross-References: CVE-2025-1860 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-Data-Entropy fixes the following issues: Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: * Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-123=1 Package List: - openSUSE Backports SLE-15-SP6 (noarch): perl-Data-Entropy-0.8.0-bp156.4.3.1 References: https://www.suse.com/security/cve/CVE-2025-1860.html https://bugzilla.suse.com/show_bug.cgi?id=1240395 . Security update released for perl-Data-Entropy on openSUSE to resolve a moderate vulnerability. Follow the provided patch instructions for remediation.. openSUSE Security Update, perl-Data-Entropy, security fix. . LinuxSecurity.com Team

Calendar%202 Apr 16, 2025 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200