
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE 16.0 openexr Important Integer Overflow Vulnerabilities 2026-21433-1

# Security update for openexr

Announcement ID: SUSE-SU-2026:21433-1
Release Date: 2026-04-29T14:36:18Z
Rating: important

References:

* bsc#1262425
* bsc#1262426

Cross-References:

* CVE-2026-40244
* CVE-2026-40250

CVSS scores:

* CVE-2026-40244 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40244 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-40244 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-40250 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40250 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-40250 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openexr fixes the following issues:

* CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426).
* CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-660=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-660=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libIex-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debugsource-3.2.2-160000.7.1
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-3.2.2-160000.7.1
  * libIlmThread-3_2-31-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * openexr-doc-3.2.2-160000.7.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libIex-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debugsource-3.2.2-160000.7.1
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-3.2.2-160000.7.1
  * libIlmThread-3_2-31-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.7.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * openexr-doc-3.2.2-160000.7.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40244.html
* https://www.suse.com/security/cve/CVE-2026-40250.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262425
* https://bugzilla.suse.com/show_bug.cgi?id=1262426

SUSE update addresses critical issues in openexr including integer overflow vulnerabilities and patch instructions.

Keywords: important update, openexr security, suse advisory, pointer arithmetic, integer overflow.

Severity: Important. LinuxSecurity.com Team

May 04, 2026 | Important | SuSE

Fedora 42: tkimg 2.1.0 Critical Buffer Overflow FTBFS 2025-419c60783f

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2025-419c60783f
2025-12-28 00:49:44.327938+00:00

--------------------------------------------------------------------------------

Name : tkimg
Product : Fedora 42
Version : 2.1.0
Release : 1.fc42
URL : http://sourceforge.net/projects/tkimg
Summary : Image support library for Tk
Description : This package contains a collection of image format handlers for the Tk photo image type, and a new image type, pixmaps.

--------------------------------------------------------------------------------

Update Information:

Update to 2.1.0. Update bundled libpng, libtiff, to latest versions. Built against TCL/TK 9. Fix FTBFS.

--------------------------------------------------------------------------------

ChangeLog:

* Thu Dec 18 2025 Tom Callaway - 2.1.0-1
- update to 2.1.0
- update the bundled copy of libpng to 1.6.53
- update the bundled copy of libtiff to 4.7.1
- build for tcl/tk 9
* Fri Jul 25 2025 Fedora Release Engineering - 1.4.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

--------------------------------------------------------------------------------

References:

[ 1 ] Bug #2337800 - Please update the package for the 'Tcl/Tk 9.0' Fedora change
https://bugzilla.redhat.com/show_bug.cgi?id=2337800
[ 2 ] Bug #2366434 - CVE-2025-4638 tkimg: Improper Pointer Arithmetic in pcl [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366434
[ 3 ] Bug #2383825 - CVE-2025-8176 tkimg: LibTIFF Use-After-Free Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383825
[ 4 ] Bug #2383831 - CVE-2025-8177 tkimg: LibTIFF Buffer Overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383831
[ 5 ] Bug #2385697 - tkimg: FTBFS in Fedora rawhide/f43
https://bugzilla.redhat.com/show_bug.cgi?id=2385697
[ 6 ] Bug #2386206 - CVE-2024-13978 tkimg: LibTIFF Null Pointer Dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386206
[ 7 ] Bug #2387669 - CVE-2025-8851 tkimg: LibTIFF Stack-based buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2387669
[ 8 ] Bug #2388598 - CVE-2025-8961 tkimg: LibTIFF memory corruption [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388598
[ 9 ] Bug #2389610 - CVE-2025-9165 tkimg: LibTIFF memory leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2389610
[ 10 ] Bug #2417441 - CVE-2025-64720 tkimg: LIBPNG buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417441
[ 11 ] Bug #2417460 - CVE-2025-65018 tkimg: LIBPNG heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417460
[ 12 ] Bug #2417470 - CVE-2025-64506 tkimg: LIBPNG heap buffer over-read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417470
[ 13 ] Bug #2417476 - CVE-2025-64720 tkimg: LIBPNG buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417476
[ 14 ] Bug #2417488 - CVE-2025-65018 tkimg: LIBPNG heap buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417488
[ 15 ] Bug #2417492 - CVE-2025-64506 tkimg: LIBPNG heap buffer over-read [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417492
[ 16 ] Bug #2418415 - CVE-2025-64505 tkimg: LIBPNG heap buffer overflow via malformed palette index [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418415
[ 17 ] Bug #2418427 - CVE-2025-64505 tkimg: LIBPNG heap buffer overflow via malformed palette index [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418427
[ 18 ] Bug #2418740 - CVE-2025-66293 tkimg: LIBPNG out-of-bounds read in png_image_read_composite [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418740
[ 19 ] Bug #2418751 - CVE-2025-66293 tkimg: LIBPNG out-of-bounds read in png_image_read_composite [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418751
[ 20 ] Bug #2423630 - CVE-2025-9900 tkimg: Libtiff Write-What-Where [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2423630

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-419c60783f' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Fedora 42 packs tkimg 2.1.0 with fixes for critical security flaws linked to LibTIFF and libpng.

Keywords: tkimg update, Fedora 42, security flaws, buffer overflow, use-after-free.

Severity: Critical. LinuxSecurity.com Team

Dec 28, 2025 | Critical | Fedora

openSUSE 15.4: ImageMagick Moderate Process Crash CVE-2025-62594 Advisory

# Security update for ImageMagick

Announcement ID: SUSE-SU-2025:3985-1
Release Date: 2025-11-07T10:30:54Z
Rating: moderate

References:

* bsc#1252749

Cross-References:

* CVE-2025-62594

CVSS scores:

* CVE-2025-62594 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62594 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-62594 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-62594 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP6
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2025-62594: Fixed unsigned underflow and division-by-zero that can lead to OOB pointer arithmetic and process crash. (bsc#1252749)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3985=1
* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3985=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3985=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.51.1
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.51.1
  * ImageMagick-7.1.0.9-150400.6.51.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.51.1
  * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.51.1
  * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.51.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.51.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.51.1
  * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.51.1
  * libMagick++-devel-7.1.0.9-150400.6.51.1
  * ImageMagick-extra-7.1.0.9-150400.6.51.1
  * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.51.1
  * perl-PerlMagick-7.1.0.9-150400.6.51.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.51.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.51.1
  * ImageMagick-devel-7.1.0.9-150400.6.51.1
  * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.51.1
* openSUSE Leap 15.4 (x86_64)
  * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.51.1
  * ImageMagick-devel-32bit-7.1.0.9-150400.6.51.1
  * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.51.1
  * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.51.1
  * libMagick++-devel-32bit-7.1.0.9-150400.6.51.1
  * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.51.1
  * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.51.1
  * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.51.1
* openSUSE Leap 15.4 (noarch)
  * ImageMagick-doc-7.1.0.9-150400.6.51.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.51.1
  * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.51.1
  * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.51.1
  * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.51.1
  * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.51.1
  * libMagick++-devel-64bit-7.1.0.9-150400.6.51.1
  * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.51.1
  * ImageMagick-devel-64bit-7.1.0.9-150400.6.51.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.51.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.51.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.51.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-config-7-upstream-7.1.0.9-150400.6.51.1
  * ImageMagick-debugsource-7.1.0.9-150400.6.51.1
  * ImageMagick-debuginfo-7.1.0.9-150400.6.51.1

## References:

* https://www.suse.com/security/cve/CVE-2025-62594.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252749

An update addressing a vulnerability in ImageMagick on openSUSE is now available, improving system-resilience and security.

Keywords: security update, ImageMagick patch, SUSE Linux advisory.

LinuxSecurity.com Team

Nov 07, 2025 | OpenSUSE

Mageia 9 MGASA-2025-0162 critical: zsync pointer arithmetic flaw

MGASA-2025-0162 - Updated zsync packages fix security vulnerabilities

Publication date: 24 May 2025
URL: https://advisories.mageia.org/MGASA-2025-0162.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4638

Improper Pointer Arithmetic in pcl. (CVE-2025-4638)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34301
- https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/OPTP7IW7Z54KXHWHH6JSVJ75RDCVQ4Z7/
- https://www.cve.org/CVERecord?id=CVE-2025-4638

SRPMS:
- 9/core/zsync-0.6.2-11.1.mga9

MGASA-2025-0162 addresses vulnerabilities related to improper pointer arithmetic in zsync, featuring essential bug fixes to enhance security, stability, and performance.

Keywords: Mageia Zsync Update, Pointer Arithmetic Fix, Security Patches, Software Vulnerability Management.

Severity: Critical. LinuxSecurity.com Team

May 24, 2025 | Critical | Mageia

Fedora 41: zsync 2025-8365ba2261 critical: pointer arithmetic risk

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2025-8365ba2261
2025-05-23 03:55:25.327005+00:00

--------------------------------------------------------------------------------

Name : zsync
Product : Fedora 41
Version : 0.6.2
Release : 3.fc41
URL : http://zsync.moria.org.uk/
Summary : a file transfer program using the same algorithm as rsync over HTTP
Description : zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for synchronising data from one computer to another within an organisation, zsync is designed for file distribution, with one file on a server to be distributed to thousands of downloaders. zsync requires no special server software - just a web server to host the files - and imposes no extra load on the server, making it ideal for large scale file distribution.

--------------------------------------------------------------------------------

Update Information:

fix zlib source path in patch file

--------------------------------------------------------------------------------

ChangeLog:

* Thu May 15 2025 Tobias Girstmair - 0.6.2-3
- fix zlib source path in patch file
* Thu May 15 2025 Tobias Girstmair - 0.6.2-2
- include a patch for CVE-2016-9840 (RHBZ#2366435)

--------------------------------------------------------------------------------

References:

[ 1 ] Bug #2366424 - CVE-2025-4638 zsync: Improper Pointer Arithmetic in pcl [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366424

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8365ba2261' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Enhancement for zsync in Fedora 41 to rectify zlib source directory, optimize data transfer effectiveness, and ensure system reliability.

Keywords: zsync file transfer, Fedora update, file synchronization, cyber risk management.

Severity: Critical. LinuxSecurity.com Team

May 23, 2025 | Critical | Fedora

Fedora 42: 2025-6f6043cb99 Critical: zsync Pointer Arithmetic Fix

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2025-6f6043cb99
2025-05-23 03:24:17.285913+00:00

--------------------------------------------------------------------------------

Name : zsync
Product : Fedora 42
Version : 0.6.2
Release : 3.fc42
URL : http://zsync.moria.org.uk/
Summary : a file transfer program using the same algorithm as rsync over HTTP
Description : zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for synchronising data from one computer to another within an organisation, zsync is designed for file distribution, with one file on a server to be distributed to thousands of downloaders. zsync requires no special server software - just a web server to host the files - and imposes no extra load on the server, making it ideal for large scale file distribution.

--------------------------------------------------------------------------------

Update Information:

fix zlib source path in patch file

--------------------------------------------------------------------------------

ChangeLog:

* Thu May 15 2025 Tobias Girstmair - 0.6.2-3
- fix zlib source path in patch file
* Thu May 15 2025 Tobias Girstmair - 0.6.2-2
- include a patch for CVE-2016-9840 (RHBZ#2366435)

--------------------------------------------------------------------------------

References:

[ 1 ] Bug #2366435 - CVE-2025-4638 zsync: Improper Pointer Arithmetic in pcl [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366435

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6f6043cb99' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Fedora 42 has released an update to resolve the zlib source path problem within zsync. For installation instructions and further details, refer to the official announcement.

Keywords: zsync update, Fedora security, file distribution, patch release, software maintenance.

Severity: Critical. LinuxSecurity.com Team

May 23, 2025 | Critical | Fedora

Mageia Linux 7 and 8: MGASA-2021-0225 Moderate Security Advisory

MGASA-2021-0225 - Updated kernel-linus packages fix security vulnerability

Publication date: 31 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0225.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-33200

This kernel-linus update is based on upstream 5.10.41 and fixes at least the following security issue:

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (CVE-2021-33200).

For other upstream fixes, see the referenced changelogs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28981
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.39
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.40
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.41
- https://www.cve.org/CVERecord?id=CVE-2021-33200

SRPMS:
- 8/core/kernel-linus-5.10.41-1.mga8
- 7/core/kernel-linus-5.10.41-1.mga7

Mageia's latest kernel-linus patch addresses critical vulnerabilities associated with pointer arithmetic. Explore the implications and corrective actions taken.

Keywords: Kernel Linus, Memory Vulnerability, Privilege Escalation.

Severity: Important. LinuxSecurity.com Team

May 31, 2021 | Important | Mageia

Mageia: 2020-0108 Moderate: Rsync Security Update for Denial Of Service

MGASA-2020-0108 - Updated rsync packages fix security vulnerabilities

Publication date: 29 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0108.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Updated rsync packages fix security vulnerabilities:

It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840, CVE-2016-9841).

It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9842).

It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9843).

Please note, we now compile against system zlib. If rsync fails to sync with older remote systems using compression (-z), you have to either update the remote host to a newer version or disable compression.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26254
- https://www.cve.org/CVERecord?id=CVE-2016-9840
- https://www.cve.org/CVERecord?id=CVE-2016-9841
- https://www.cve.org/CVERecord?id=CVE-2016-9842
- https://www.cve.org/CVERecord?id=CVE-2016-9843

SRPMS:
- 7/core/rsync-3.1.3-4.mga7

Recent rsync updates tackle various vulnerabilities preventing potential crashes or unauthorized code execution. Keep your systems safe!

Keywords: Rsync Update, Mageia Security, Denial of Service, Zlib Flaws.

Severity: Important. LinuxSecurity.com Team

Feb 29, 2020 | Important | Mageia