Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 44 Transmission 4.1.2 Important Clickjacking Fix CVE-2026-38978

Calendar White Jun 05, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 libre 4.8.1 Critical Update Details for Real-Time Communication

Calendar White Jun 05, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 NextCloud Update Denial of Service JSON Tampering 2026-30881a5be7

Calendar White Jun 05, 2026
Important
Fedora Large Esm H800
Fedora

Fedora 44 python-starlette Security Fix for CVE-2026-48710

Calendar White Jun 05, 2026
Critical
Fedora Large Esm H900
Fedora

Fedora 44 perl-Cpanel-JSON-XS Moderate Denial of Service CVE-2026-9516

Calendar White Jun 05, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 rubygem-yard High Path Traversal Fix Vuln 2026-acefc1fe48

Calendar White Jun 05, 2026
high
Fedora Large Esm H800
Fedora

Fedora 44 Rust Sequoia Sop Low-Severity Fix Advisory 2026-5c5f4f40a4

Calendar White Jun 05, 2026
Low
Fedora Large Esm H900
Fedora

Fedora 44 rust-sequoia-sq Low Threat Security Advisory 2026-5c5f4f40a4

Calendar White Jun 05, 2026
Low
Fedora Large Esm H900
Fedora

Fedora 44 rust-sequoia-wot Low Severity Security Fix 2026-5c5f4f40a4

Calendar White Jun 05, 2026
Low
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
203
Ls Advisories Mageia Esm H240
Price Tag 1security advisorycode executionrisk assessment

Mageia 6: MGASA-2018-0362 Moderate: Quazip Arbitrary Write Threat

Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other . MGASA-2018-0362 - Updated quazip packages fix security vulnerability Publication date: 31 Aug 2018 URL: https://advisories.mageia.org/MGASA-2018-0362.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-1002209 Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lacks of a high level APIs that provide the archive extraction functionality (CVE-2018-1002209). References: - https://bugs.mageia.org/show_bug.cgi?id=23446 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/TMQZPZKZJRQ6ESHXO5LCLIBYWOJX4HAX/ - https://www.cve.org/CVERecord?id=CVE-2018-1002209 SRPMS: - 6/core/quazip-0.7.6-1.mga6 . MGASA-2018-0362 - Updated quazip packages fix security vulnerability Publication date: 31 Aug 2018 U. vulnerability, updated, quazip, packages, security, found, develo. . LinuxSecurity.com Team

Calendar 2 Aug 31, 2018 Mageia
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryupdatecritical

Fedora 28: FEDORA-2018-0c586e5178 Critical: Quazip Zip Slip

* 2018-06-13 0.7.6 * Fixed the Zip Slip vulnerability in JlCompress * Renamed crypt.h to minizip_crypt.h to avoid conflicts * 2018-05-20 0.7.5 * Fixed target_link_libraries call in CMakeLists * Worked around a Qt 4.6 bug (QTBUG-15421) screwing up hidden files handling in JlCompress::compressDir() * Removed Q_FOREACH uses to avoid conflicts. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-0c586e5178 2018-08-14 21:06:35.949062 --------------------------------------------------------------------------------Name : quazip Product : Fedora 28 Version : 0.7.6 Release : 1.fc28 URL : https://github.com/stachenov/quazip Summary : Qt/C++ wrapper for the minizip library Description : QuaZIP is a simple C++ wrapper over Gilles Vollant's ZIP/UNZIP package that can be used to access ZIP archives. It uses Trolltech's Qt toolkit. QuaZIP allows you to access files inside ZIP archives using QIODevice API, and - yes! - that means that you can also use QTextStream, QDataStream or whatever you would like to use on your zipped files. QuaZIP provides complete abstraction of the ZIP/UNZIP API, for both reading from and writing to ZIP archives. --------------------------------------------------------------------------------Update Information: * 2018-06-13 0.7.6 * Fixed the Zip Slip vulnerability in JlCompress * Renamed crypt.h to minizip_crypt.h to avoid conflicts * 2018-05-20 0.7.5 * Fixed target_link_libraries call in CMakeLists * Worked around a Qt 4.6 bug (QTBUG-15421) screwing up hidden files handling in JlCompress::compressDir() * Removed Q_FOREACH uses to avoid conflicts (SF patch #32) * 2017-02-05 0.7.4 * Static analysis patch from Intel Deutschland GmbH * Replaced UNUSED with QUAZIP_UNUSED to avoid name clashes * Minor bugfixes --------------------------------------------------------------------------------ChangeLog: * Tue Jul 17 2018 Nicolas Chauvet - 0.7.6-1 - Update to 0.7.6 * Sat Jul 14 2018 Fedora Release Engineering - 0.7.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1593012 - CVE-2018-1002209 quazip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1593012 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-0c586e5178' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/TMQZPZKZJRQ6ESHXO5LCLIBYWOJX4HAX/ . Implementing essential quazip patch for Fedora to counter the Zip Slip threat. Update immediately to safeguard your system.. Quazip Update,Fedora Security,Zip Slip Fix,Arbitrary Code Exploit. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 14, 2018 Critical Fedora
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here