Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
100
security advisoryupdatebuffer overflowSUSE: 2025:0734-1 important: xorg-x11-server buffer overflow
* bsc#1237427 * bsc#1237429 * bsc#1237430 * bsc#1237431 * bsc#1237432 . # Security update for xorg-x11-server Announcement ID: SUSE-SU-2025:0734-1 Release Date: 2025-02-26T14:32:45Z Rating: important References: * bsc#1237427 * bsc#1237429 * bsc#1237430 * bsc#1237431 * bsc#1237432 * bsc#1237433 * bsc#1237434 * bsc#1237435 Cross-References: * CVE-2025-26594 * CVE-2025-26595 * CVE-2025-26596 * CVE-2025-26597 * CVE-2025-26598 * CVE-2025-26599 * CVE-2025-26600 * CVE-2025-26601 CVSS scores: * CVE-2025-26594 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L * CVE-2025-26594 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-26594 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26595 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-26595 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26596 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-26596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-26596 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26597 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-26597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-26597 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26598 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-26598 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2025-26598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26599 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-26599 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2025-26599 ( NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26600 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-26600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26601 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-26601 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-26601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). * CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). * CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). * CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). * CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). * CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). * CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). * CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-734=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patchSUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-734=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debugsource-1.19.6-10.80.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.80.1 * xorg-x11-server-1.19.6-10.80.1 * xorg-x11-server-debuginfo-1.19.6-10.80.1 * xorg-x11-server-extra-1.19.6-10.80.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * xorg-x11-server-debugsource-1.19.6-10.80.1 * xorg-x11-server-extra-debuginfo-1.19.6-10.80.1 * xorg-x11-server-1.19.6-10.80.1 * xorg-x11-server-debuginfo-1.19.6-10.80.1 * xorg-x11-server-extra-1.19.6-10.80.1 ## References: * https://www.suse.com/security/cve/CVE-2025-26594.html * https://www.suse.com/security/cve/CVE-2025-26595.html * https://www.suse.com/security/cve/CVE-2025-26596.html * https://www.suse.com/security/cve/CVE-2025-26597.html * https://www.suse.com/security/cve/CVE-2025-26598.html * https://www.suse.com/security/cve/CVE-2025-26599.html * https://www.suse.com/security/cve/CVE-2025-26600.html * https://www.suse.com/security/cve/CVE-2025-26601.html * https://bugzilla.suse.com/show_bug.cgi?id=1237427 * https://bugzilla.suse.com/show_bug.cgi?id=1237429 * https://bugzilla.suse.com/show_bug.cgi?id=1237430 * https://bugzilla.suse.com/show_bug.cgi?id=1237431 * https://bugzilla.suse.com/show_bug.cgi?id=1237432 * https://bugzilla.suse.com/show_bug.cgi?id=1237433 * https://bugzilla.suse.com/show_bug.cgi?id=1237434 * https://bugzilla.suse.com/show_bug.cgi?id=1237435 . Essential security patch for SUSE xorg-x11-server rectifies various vulnerabilities and enhances overall system reliability.. SUSE xorg-x11 update, security fix, important advisory. . Severity: Important. LinuxSecurity.com Team
Feb 26, 2025
•Important
SuSE
98
security advisoryred hatsoftware updateRed Hat Fuse 7.10.1 RHSA-2022:0661-01 Critical Log4j Remote Code Execution
A minor version update (from 7.10 to 7.10.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Fuse 7.10.1 release and security update Advisory ID: RHSA-2022:0661-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2022:0661 Issue date: 2022-02-23 CVE Names: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ==================================================================== 1. Summary: A minor version update (from 7.10 to 7.10.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.10.1 serves as a replacement for Red Hat Fuse 7.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) For more details about the security issue(s), including the impact, a CVSS score,acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ 4. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 5. References: https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYhZdMtzjgjWX9erEAQgIEA//XnVYMHLAFtCBjFPQ/cDqZJQATTYwVuRh vz2rZ1k7kgO3ensjARLJuHWRyfxFxiXVwsr8Fzr6V6hqgsDbMMmkQwMlqw8kWvy5 cfXPKPx24fkXmErptLBWbwjLDKAAyw0rSca+ssR2u1jynk/9uELVOizbwGHkaPhL QrvF3f4AchzYDLg9lA3AhbqcmBdxpxbABhUIIs/5cI9r7igkrhZVUxglsQuR3wlP 8joIMDl+J9YuQ6uWG7cHrY5ZRaerJD/M09vUHA2IbJy6KvaWNeid5v9exOrZnP1j XDFsBlEKTs+TssdrgrQNBxmUWhxL0rP45hdOITyWWSV1eiwvxugOupPCWqiUT8bX qfeuw6zsiEDZHf8g0i72InTzdsp10FQlc8sSGWkx9LGMBW6v89El31kPHxrCpuye piG0wX1dF9fgPHTLxtOIxmWizb8i2JILQYlq4DlO51D5Ya6V/7H8V6/K/jk3hP64 GKi4YWo/1gzEEi+RuykYEUE5Ab2Pzztkvt+s47siLERA1IhqEGrBPT8o5mGDWrkC jaCe4nw1TvxAJ88CDE1048kNOGxdy/NBNQcakRNaqqGsRCd5rmRzD9+/nv7r2nvF O9Sd9JsLCpmmoF6Sko2mSne0qJdX8ISOe+xWWK9Kfa6DFaffU73PlBgPD6RuxZ3f 7sr++5C0fuM=Z5di -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 23, 2022
•Critical
Red Hat
89
security advisoryFedorasoftware patchFedora 33: 2021-11-25 Security Advisory For Getdata Memory Error
0.11.0, fix use after free, CVE-2021-20204. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-3b8bb26909 2021-11-25 01:04:40.275950 --------------------------------------------------------------------------------Name : getdata Product : Fedora 33 Version : 0.11.0 Release : 1.fc33 URL : Summary : Library for reading and writing dirfile data Description : The GetData Project is the reference implementation of the Dirfile Standards, a filesystem-based database format for time-ordered binary data. The Dirfile database format is designed to provide a fast, simple format for storing and reading data. --------------------------------------------------------------------------------Update Information: 0.11.0, fix use after free, CVE-2021-20204 --------------------------------------------------------------------------------ChangeLog: * Tue Nov 16 2021 Gwyn Ciesla - 0.11.0-1 - 0.11.0 - Spec cleanup. * Thu Jul 22 2021 Fedora Release Engineering - 0.10.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jan 26 2021 Fedora Release Engineering - 0.10.0-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1917635 - Memory corruption (use after free) in getdata v0.10.0 https://bugzilla.redhat.com/show_bug.cgi?id=1917635 [ 2 ] Bug #1956350 - CVE-2021-20204 getdata: Use after free in _GD_Supports() in encoding.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1956350 [ 3 ] Bug #2023520 - getdata-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2023520 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3b8bb26909' at the command line. For moreinformation, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 24, 2021
•Important
Fedora
89
security advisorykernel updateFedoraFedora 35: FEDORA-2021-ed8c2e1098 Critical: Kernel Update 5.14.15
The 5.14.15 stable kernel update contains a number of important fixes across the tree.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-ed8c2e1098 2021-11-04 01:45:53.779732 --------------------------------------------------------------------------------Name : kernel Product : Fedora 35 Version : 5.14.15 Release : 300.fc35 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The 5.14.15 stable kernel update contains a number of important fixes across the tree. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 27 2021 Justin M. Forbes [5.14.15-300] - Linux v5.14.15 --------------------------------------------------------------------------------References: [ 1 ] Bug #2000585 - CVE-2021-3760 kernel: nfc: Use-After-Free vulnerability of ndev-> rf_conn_info object https://bugzilla.redhat.com/show_bug.cgi?id=2000585 [ 2 ] Bug #2017073 - CVE-2021-43056 kernel: ppc: kvm: allows a malicious KVM guest to crash the host https://bugzilla.redhat.com/show_bug.cgi?id=2017073 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-ed8c2e1098' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 03, 2021
•Critical
Fedora
89
security advisoryfedorasoftware updateFedora 32: FEDORA-2020-fc9085727a Critical: Firefox Update
- New upstream release (82.0.3) ---- - Built with mozilla-openh264 weak dependency ---- - Require mozilla-openh264 package - Add firefox testing scripts. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-fc9085727a 2020-11-12 03:15:20.248493 --------------------------------------------------------------------------------Name : firefox Product : Fedora 32 Version : 82.0.3 Release : 1.fc32 URL : https://www.firefox.com/en-US/?redirect_source=mozilla-org Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. --------------------------------------------------------------------------------Update Information: - New upstream release (82.0.3) ---- - Built with mozilla-openh264 weak dependency ---- - Require mozilla-openh264 package - Add firefox testing scripts --------------------------------------------------------------------------------ChangeLog: * Mon Nov 9 2020 Martin Stransky - 82.0.3-1 - Updated to 82.0.3 * Mon Nov 9 2020 Kalev Lember - 82.0.2-7 - Include date in appdata release tags * Fri Nov 6 2020 Tomas Popela - 82.0.2-6 - Re-enable s390x buils by backporting a change from Thunderbird https://src.fedoraproject.org/rpms/thunderbird/c/5f0bec1b5b79e117cc469710afbfa4d008af9c29?branch=master --------------------------------------------------------------------------------References: [ 1 ] Bug #1894217 - Cannot play H.264 video with OpenH264 https://bugzilla.redhat.com/show_bug.cgi?id=1894217 [ 2 ] Bug #1895873 - Firefox 82.0.3 available https://bugzilla.redhat.com/show_bug.cgi?id=1895873 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fc9085727a' at the command line. For more information, refer to thednf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 11, 2020
•Critical
Fedora
89
security advisoryFedorasoftware upgradeFedora 32: FEDORA-2020-0fbf0db920 Moderate: Singularity Upgrade
Upgrade to upstream 3.6.4.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-0fbf0db920 2020-10-23 22:39:08.921306 --------------------------------------------------------------------------------Name : singularity Product : Fedora 32 Version : 3.6.4 Release : 1.fc32 URL : / Summary : Application and environment virtualization Description : Singularity provides functionality to make portable containers that can be used across host environments. --------------------------------------------------------------------------------Update Information: Upgrade to upstream 3.6.4. --------------------------------------------------------------------------------ChangeLog: * Tue Oct 13 2020 Dave Dykstra - 3.6.4-1 - Upgrade to upstream 3.6.4. --------------------------------------------------------------------------------References: [ 1 ] Bug #1887917 - singularity-3.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1887917 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-0fbf0db920' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Oct 23, 2020
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!