Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 28 articles for you...
91

Gentoo: GLSA-202506-06 High Risk of Qt Code Execution Vulnerabilities

Multiple vulnerabilities have been discovered in Qt, the worst of which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202506-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Qt: Multiple Vulnerabilities Date: June 12, 2025 Bugs: #924647, #931096, #935869, #954261 ID: 202506-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Qt, the worst of which can lead to arbitrary code execution. Background ========== Qt is a cross-platform application development framework. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------- dev-qt/qtbase < 6.8.3-r1 > = 6.8.3-r1 dev-qt/qtgui < 5.15.12-r2 > = 5.15.12-r2 dev-qt/qtnetwork < 5.15.14-r1 > = 5.15.14-r1 Description =========== Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Qt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-qt/qtbase-6.8.3-r1" # emerge --ask --oneshot --verbose "> =dev-qt/qtnetwork-5.15.14-r1" # emerge --ask --oneshot --verbose "> =dev-qt/qtgui-5.15.12-r2" References ========== [ 1 ] CVE-2024-25580 https://nvd.nist.gov/vuln/detail/CVE-2024-25580 [ 2 ] CVE-2024-33861 https://nvd.nist.gov/vuln/detail/CVE-2024-33861 [ 3 ] CVE-2024-39936 https://nvd.nist.gov/vuln/detail/CVE-2024-39936 [ 4 ] CVE-2025-3512 https://nvd.nist.gov/vuln/detail/CVE-2025-3512 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202506-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Several critical security flaws in Qt may permit unauthorized code execution, urging prompt update measures.. Qt security advisories, Gentoo updates, code execution risks. . LinuxSecurity.com Team

Calendar%202 Jun 12, 2025 Gentoo
89

Fedora 43: FEDORA-2026-b789ef1f23 urgent: gtk3 buffer overflow

Qt 6.9.1 bugfix release.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c546fd3f09 2025-06-11 02:45:06.590648+00:00 -------------------------------------------------------------------------------- Name : qt6-qtshadertools Product : Fedora 42 Version : 6.9.1 Release : 1.fc42 URL : http://www.qt.io Summary : Qt6 - Qt Shader Tools module builds on the SPIR-V Open Source Ecosystem Description : Qt6 - Qt Shader Tools module builds on the SPIR-V Open Source Ecosystem. -------------------------------------------------------------------------------- Update Information: Qt 6.9.1 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 2 2025 Jan Grulich - 6.9.1-1 - 6.9.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369872 [ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an emailto This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 42's Qt 6.9.1 upgrade resolves denial of service vulnerabilities linked to assertion failures.. Fedora Update, Qt Shader Tools, Denial of Service, Software Bugfix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 11, 2025 Important Fedora
89

Fedora 42 Update FEDORA-2025-c546fd3f09: DoS Issue in plasma-integration

Qt 6.9.1 bugfix release.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c546fd3f09 2025-06-11 02:45:06.590648+00:00 -------------------------------------------------------------------------------- Name : plasma-integration Product : Fedora 42 Version : 6.3.5 Release : 3.fc42 URL : Summary : Qt Platform Theme integration plugin for Plasma Description : Qt Platform Theme integration plugin for Plasma. -------------------------------------------------------------------------------- Update Information: Qt 6.9.1 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 6 2025 Jan Grulich - 6.3.5-3 - Rebuild (qt6) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369872 [ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Enhancements for Fedora 42 concerning plasma-integration: rectify bugs in QT 6.9.1 and resolve a DoS vulnerability. Explore the newest security updates.. plasma-integration Fedora update bug fix DoS vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 11, 2025 Important Fedora
89

Fedora 42: dtk6log update critical: DoS issues from Qt 6.9.1

Qt 6.9.1 bugfix release.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c546fd3f09 2025-06-11 02:45:06.590648+00:00 -------------------------------------------------------------------------------- Name : dtk6log Product : Fedora 42 Version : 0.0.2 Release : 7.fc42 URL : https://github.com/linuxdeepin/dtk6log Summary : Simple, convenient and thread safe logger for Qt-based C++ apps Description : Simple, convenient and thread safe logger for Qt-based C++ apps. -------------------------------------------------------------------------------- Update Information: Qt 6.9.1 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 6 2025 Jan Grulich - 0.0.2-7 - Rebuild (qt6) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369872 - CVE-2025-5455 qt6: QtCore Assertion Failure Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369872 [ 2 ] Bug #2371133 - CVE-2025-5683 qt5: Qt ICNS Image Crash Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send anemail to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Arch Linux snapshots: dtk7secure fixes Critical Permissions Flaw in Qt 6.9.2 providing improved protection.. Fedora 42 Update, DoS Attack Mitigation, Qt Software Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 11, 2025 Critical Fedora
91

Gentoo: GLSA-202501-08 Moderate: Qt Buffer Overflow Denial of Service

A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202501-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Qt: Buffer Overflow Date: January 23, 2025 Bugs: #911790 ID: 202501-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service. Background ========== Qt is a cross-platform application development framework. Affected packages ================= Package Vulnerable Unaffected ------------- ------------ ------------- dev-qt/qtbase < 6.5.2 > = 6.5.2 dev-qt/qtcore < 5.15.10-r1 > = 5.15.10-r1 Description =========== When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Qt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-qt/qtcore-5.15.10-r1" # emerge --ask --oneshot --verbose "> =dev-qt/qtbase-6.5.2" References ========== [ 1 ] CVE-2023-37369 https://nvd.nist.gov/vuln/detail/CVE-2023-37369 [ 2 ] CVE-2023-38197 https://nvd.nist.gov/vuln/detail/CVE-2023-38197 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202501-08 Concerns? ========= Security is a primary focus ofGentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Delve into Gentoo's GLSA 202501-08: Tackling a medium severity buffer overflow within the Qt framework, which affects the reliability of services.. Gentoo security advisory, buffer overflow Qt, denial of service threat, software upgrade guidance. . LinuxSecurity.com Team

Calendar%202 Jan 23, 2025 Gentoo
89

Fedora 40: FEDORA-2024-2e27372d4c Moderate: QGnomePlatform Security Fix

Qt 5.15.14 bugfix update. Fix CVE-2024-36048. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-2e27372d4c 2024-06-05 01:40:23.602023 -------------------------------------------------------------------------------- Name : qgnomeplatform Product : Fedora 40 Version : 0.9.2 Release : 15.fc40 URL : https://github.com/FedoraQt/QGnomePlatform Summary : Qt Platform Theme aimed to accommodate Gnome settings Description : QGnomePlatform is a Qt Platform Theme aimed to accommodate as much of GNOME settings as possible and utilize them in Qt applications without modifying them - making them fit into the environment as well as possible. -------------------------------------------------------------------------------- Update Information: Qt 5.15.14 bugfix update. Fix CVE-2024-36048 -------------------------------------------------------------------------------- ChangeLog: * Thu May 30 2024 Jan Grulich - 0.9.2-15 - Rebuild (qt5) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2282866 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2282866 [ 2 ] Bug #2282867 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2282867 [ 3 ] Bug #2282869 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2282869 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2e27372d4c' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Resolves a significant vulnerability in qgnomeplatform for Fedora 40 through an update of Qt 5.15.14 which mitigates CVE-2024-36048.. Fedora Updates,qgnomeplatform Security,Qt Bugfix,Gnome Settings,Security Advisories. . LinuxSecurity.com Team

Calendar%202 Jun 05, 2024 Fedora
89

Fedora 39: FEDORA-2024-a8cdce27ac moderate: qt5 buffer overflow

Update to qt-5.15.12.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-a8cdce27ac 2024-02-24 01:27:34.256305 -------------------------------------------------------------------------------- Name : mingw-qt5-qtimageformats Product : Fedora 39 Version : 5.15.12 Release : 1.fc39 URL : https://www.qt.io/ Summary : Qt5 for Windows - QtImageFormats component Description : This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. -------------------------------------------------------------------------------- Update Information: Update to qt-5.15.12. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 15 2024 Sandro Mani - 5.15.12-1 - Update to 5.15.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264425 - TRIAGE CVE-2024-25580 mingw-qt5-qtbase: qtbase: potential buffer overflow when reading KTX images [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264425 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a8cdce27ac' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Debian 12 enhances mingw-qt5-qtwebengine to mitigate possible security vulnerabilities promptly and efficiently.. Fedora 39, mingw-qt5-qtimageformats, qt update, buffer overflow issue, security patch. . LinuxSecurity.com Team

Calendar%202 Feb 24, 2024 Fedora
172

Ubuntu 18.04 LTS USN-5081-1: Critical Qt Denial Of Service Issues

Several security issues were fixed in Qt.. =========================================================================Ubuntu Security Notice USN-5081-1 September 16, 2021 qtbase-opensource-src vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Qt. Software Description: - qtbase-opensource-src: Qt 5 libraries Details: It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2020-17507) It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2021-38593) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libqt5core5a 5.9.5+dfsg-0ubuntu2.6 libqt5gui5 5.9.5+dfsg-0ubuntu2.6 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5081-1 CVE-2020-17507, CVE-2021-38593 Package Information: https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.9.5+dfsg-0ubuntu2.6 . Qt libraries for Ubuntu 18.04 LTS have resolved security vulnerabilities. Updates addressing potential denial of service risks have been released.. Ubuntu Updates, Qt Security Issues, Denial Of Service, Software Fixes, Security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 16, 2021 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200