Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryfedoraDoSFedora 42 Incus 6.23 Security Update Advisory 2026-4481307278
Remove incus dependency from incus-agent. Update to 6.23. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-4481307278 2026-04-20 01:04:24.758007+00:00 -------------------------------------------------------------------------------- Name : incus Product : Fedora 42 Version : 6.23 Release : 3.fc42 URL : https://linuxcontainers.org/incus Summary : Powerful system container and virtual machine manager Description : Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon. -------------------------------------------------------------------------------- Update Information: Remove incus dependency from incus-agent. Update to 6.23 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 9 2026 Carl George - 6.23-3 - Remove incus dependency from incus-agent rhbz#2456888 * Mon Apr 6 2026 Reto Gantenbein - 6.23-2 - Fix static builds of vendored dependencies (RHBZ 2419661) * Mon Apr 6 2026 Reto Gantenbein - 6.23-1 - Update to 6.23 * Mon Mar 30 2026 Neal Gompa - 6.19.1-4 - Drop selinux subpackage in favor of container-selinux * Tue Feb 3 2026 Maxwell G - 6.19.1-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 6.19.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2390870 - incus: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2390870 [ 2 ] Bug #2398840 - CVE-2025-47910 incus: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398840 [3 ] Bug #2412795 - CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412795 [ 4 ] Bug #2432454 - CVE-2026-23954 incus: container image templating arbitrary host file read and write [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2432454 [ 5 ] Bug #2432456 - CVE-2026-23953 incus: container environment configuration newline injection [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2432456 [ 6 ] Bug #2441165 - CVE-2025-69725 incus: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2441165 [ 7 ] Bug #2452041 - CVE-2026-33542 incus: Incus: Image cache poisoning due to insufficient image fingerprint validation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2452041 [ 8 ] Bug #2452043 - CVE-2026-33897 incus: Incus: Arbitrary file read/write as root via pongo2 template chroot bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2452043 [ 9 ] Bug #2452045 - CVE-2026-33711 incus: Incus: Local privilege escalation or denial of service via predictable temporary file paths [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2452045 [ 10 ] Bug #2452047 - CVE-2026-33743 incus: Incus: Denial of Service via specially crafted storage bucket backup [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2452047 [ 11 ] Bug #2452105 - CVE-2026-33898 incus: Incus: Privilege escalation and unauthorized access due to improper authentication token validation in web UI [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452105 [ 12 ] Bug #2456888 - Installing incus-agent installs the entire incus stack https://bugzilla.redhat.com/show_bug.cgi?id=2456888 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2026-4481307278' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 20, 2026
•Informational
Fedora
200
security advisorycriticalcode executionScientific Linux: 2010-12-14 Critical HelixPlayer Code Execution Risk
Critical: HelixPlayer removal. Date: Fri, 17 Dec 2010 11:29:17 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Critical: HelixPlayer on SL4.x i386/x86_64 Comments: To: "
Dec 17, 2010
•Critical
Scientific Linux
98
security advisorycriticalRed Hat Enterprise LinuxRed Hat Enterprise Linux 4: RHSA-2010:0981-01 Critical Helix Player Removal
Helix Player contains multiple security flaws and should no longer be used. This update removes the HelixPlayer package from Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: HelixPlayer removal Advisory ID: RHSA-2010:0981-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0981.html Issue date: 2010-12-14 CVE Names: CVE-2010-2997 CVE-2010-4375 CVE-2010-4378 CVE-2010-4379 CVE-2010-4382 CVE-2010-4383 CVE-2010-4384 CVE-2010-4385 CVE-2010-4386 CVE-2010-4392 ==================================================================== 1. Summary: Helix Player contains multiple security flaws and should no longer be used. This update removes the HelixPlayer package from Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 3. Description: Helix Player is a media player. Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, lead to arbitrary code execution with the privileges of the user running Helix Player.(CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392) The Red Hat Security Response Team is unable to properly determine the impact or fix all of these issues in Helix Player, due to the source code for RealPlayer being unavailable. Due to the security concerns this update removes the HelixPlayer package from Red Hat Enterprise Linux 4. Users wishing to continue to use Helix Player should download it directly from 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 662772 - CVE-2010-4384 HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm ppc: HelixPlayer-uninstall-1.0.6-3.el4_8.1.ppc.rpm x86_64: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm x86_64: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm Red Hat Enterprise Linux ES version 4: Source: i386: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm x86_64: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm Red Hat Enterprise Linux WS version 4: Source: i386: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm x86_64: HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2010-2997 https://access.redhat.com/security/cve/CVE-2010-4375 https://access.redhat.com/security/cve/CVE-2010-4378 https://access.redhat.com/security/cve/CVE-2010-4379 https://access.redhat.com/security/cve/CVE-2010-4382 https://access.redhat.com/security/cve/CVE-2010-4383 https://access.redhat.com/security/cve/CVE-2010-4384 https://access.redhat.com/security/cve/CVE-2010-4385 https://access.redhat.com/security/cve/CVE-2010-4386 https://access.redhat.com/security/cve/CVE-2010-4392 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNB84bXlSAg2UNWIIRAurzAKC/eYDbV4KNsohBAZozNnjRVx/5OgCbBrwD k/QRneR3w4rm8HTzggXxlWQ=BC1/ -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Dec 14, 2010
•Critical
Red Hat
89
security advisorymoderatesoftware updateFedora 11: 2009-7794 Moderate: MoinMoin Fix for FCKeditor Issues
This update removes the filemanager directory from the embedded FCKeditor, it contains code with know security vulnerabilities, even though that code couldn't be invoked when Moin was used with the default settings. Moin was probably not affected, but installing this update is still recommended as a security measure. CVE-2009-2265 is the related CVE identifier.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7794 2009-07-19 03:27:00 -------------------------------------------------------------------------------- Name : moin Product : Fedora 11 Version : 1.8.4 Release : 2.fc11 URL : http://moinmo.in/ Summary : MoinMoin is a WikiEngine to collaborate on easily editable web pages Description : MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. -------------------------------------------------------------------------------- Update Information: This update removes the filemanager directory from the embedded FCKeditor, it contains code with know security vulnerabilities, even though that code couldn't be invoked when Moin was used with the default settings. Moin was probably not affected, but installing this update is still recommended as a security measure. CVE-2009-2265 is the related CVE identifier. -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 12 2009 Ville-Pekka Vainio 1.8.4-2 - Remove the filemanager directory from the embedded FCKeditor, it contains code with know security vulnerabilities, even though that code couldn't be invoked when moin was used with the default settings. - Fixes rhbz #509924, related to CVE-2009-2265 * Sat Jun 13 2009 Ville-Pekka Vainio 1.8.4-1 - Update to 1.8.4, http://moinmo.in/MoinMoinRelease1.8 has a list of changes. - Includes a security fix for hierarchical ACL (not the default mode), http://moinmo.in/SecurityFixes has the details. - Drop previous security patches, those are not needed anymore. -------------------------------------------------------------------------------- References: [ 1 ] Bug #509924 - CVE-2009-2265 moin: embedded fckeditor multiple directory traversal vulns https://bugzilla.redhat.com/show_bug.cgi?id=509924 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update moin' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Jul 19, 2009
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!