Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 13 articles for you...
89
security advisoryupdatebuffer overflowFedora 40: 2025-6f77f6c77a critical: Rizin command injection fix
CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow via create_cache_bins CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-6f77f6c77a 2025-03-01 01:38:57.010399+00:00 -------------------------------------------------------------------------------- Name : cutter-re Product : Fedora 40 Version : 2.3.4 Release : 6.fc40 URL : https://cutter.re/ Summary : GUI for Rizin reverse engineering framework Description : Cutter is a Qt and C++ GUI for Rizin. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. -------------------------------------------------------------------------------- Update Information: CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow via create_cache_bins CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code rizin 0.7.2 / cutter-re 2.3.4 (fix changelog) rizin 0.7.2 / cutter-re 2.3.4 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 16 2025 Fedora Release Engineering - 2.3.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Jan 1 2025 Michal Ambroz - 2.3.4-5 - Rebuild with new version of rizin 0.7.4 * Wed Jul 17 2024 Fedora Release Engineering - 2.3.4-4 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333933 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2333933 [ 2 ] Bug #2333934 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333934 [ 3 ] Bug #2340020 - cutter-re: FTBFS in Fedora rawhide/f42 https://bugzilla.redhat.com/show_bug.cgi?id=2340020 [ 4 ] Bug #2346253 - Non-responsive maintainer check for ret2libc https://bugzilla.redhat.com/show_bug.cgi?id=2346253 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6f77f6c77a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 01, 2025
•Critical
Fedora
172
security advisorydenial of serviceubuntuUbuntu 22.04 LTS: USN-6854-1 Critical: OpenSSL Denial Of Service
OpenSSL could be made to consume resources and cause long delays if it processed certain input.. ========================================================================== Ubuntu Security Notice USN-6854-1 June 27, 2024 openssl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: OpenSSL could be made to consume resources and cause long delays if it processed certain input. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL failed to choose an appropriately short private key size when computing shared-secrets in the Diffie-Hellman Key Agreement Protocol. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libssl3 3.0.2-0ubuntu1.16 openssl 3.0.2-0ubuntu1.16 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6854-1 CVE-2022-40735 Package Information: https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.16 -- Alex Murray Staff Engineer | Security Engineering Adelaide, Australia (GMT+0930) . The Ubuntu Security Announcement USN-6855-1 warns about a vulnerability in OpenSSL that could cause possible service disruption through excessive resource use.. OpenSSL Vulnerability, Ubuntu Update, DoS Threat. . Severity: Critical. LinuxSecurity.com Team
Jun 27, 2024
•Critical
Ubuntu
172
security advisorysecurity updateUbuntuUbuntu: 6665-1 Unbound Critical Update For Denial Of Service Risk
Several security issues were fixed in Unbound.. ========================================================================== Ubuntu Security Notice USN-6665-1 February 28, 2024 unbound vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Unbound. Software Description: - unbound: validating, recursive, caching DNS resolver Details: Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Unbound incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Unbound incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service. (CVE-2023-50868) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libunbound8 1.17.1-2ubuntu0.1 unbound 1.17.1-2ubuntu0.1 Ubuntu 22.04 LTS: libunbound8 1.13.1-1ubuntu5.4 unbound 1.13.1-1ubuntu5.4 Ubuntu 20.04 LTS: libunbound8 1.9.4-2ubuntu1.5 unbound 1.9.4-2ubuntu1.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6665-1 CVE-2023-50387, CVE-2023-50868 Package Information: https://launchpad.net/ubuntu/+source/unbound/1.17.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/unbound/1.13.1-1ubuntu5.4 https://launchpad.net/ubuntu/+source/unbound/1.9.4-2ubuntu1.5 . Major security flaws have been resolved for Ubuntuversions 23.10, 22.04, and 20.04 LTS, along with instructions for implementing necessary updates.. Ubuntu Security Notice, Unbound Issues, DNS Security Fixes. . Severity: Critical. LinuxSecurity.com Team
Feb 28, 2024
•Critical
Ubuntu
100
security advisoryimportantSUSESUSE: 2023:4631-1 Critical: python-Pillow resource issue
* bsc#1216894 Cross-References: * CVE-2023-44271 . # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4631-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-4631=1 * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-4631=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-4631=1 ## Package List: * SUSE OpenStack Cloud Crowbar 8 (x86_64) * python-Pillow-debuginfo-4.2.1-3.23.2 * python-Pillow-4.2.1-3.23.2 * python-Pillow-debugsource-4.2.1-3.23.2 * HPE Helion OpenStack 8 (x86_64) * python-Pillow-debuginfo-4.2.1-3.23.2 * python-Pillow-4.2.1-3.23.2 * python-Pillow-debugsource-4.2.1-3.23.2 * SUSE OpenStack Cloud 8 (x86_64) * python-Pillow-debuginfo-4.2.1-3.23.2 * python-Pillow-4.2.1-3.23.2 * python-Pillow-debugsource-4.2.1-3.23.2 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 . Critical fix forpython-Pillow addresses a significant resource dispute affecting various OpenSUSE iterations.. Python-Pillow, resource management, SUSE update methods, security advice. . Severity: Important. LinuxSecurity.com Team
Dec 01, 2023
•Important
SuSE
100
security advisorycritical updateopenSUSEopenSUSE 15.4, 15.5: 2023:4528-1 Critical: Python-Pillow Resource Issue
* bsc#1216894 Cross-References: * CVE-2023-44271 . # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4528-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * Python 3 Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4528=1 openSUSE-SLE-15.4-2023-4528=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4528=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4528=1 * Python 3 Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4528=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-Pillow-tk-9.5.0-150400.5.6.1 *python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 * Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python311-Pillow-tk-9.5.0-150400.5.6.1 * python-Pillow-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-tk-debuginfo-9.5.0-150400.5.6.1 * python311-Pillow-9.5.0-150400.5.6.1 * python311-Pillow-debuginfo-9.5.0-150400.5.6.1 * python-Pillow-debugsource-9.5.0-150400.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 . Essential patch for Python-Pillow resolving resource management concerns with key corrections and setup instructions.. python-Pillow Security Update, openSUSE Advisory, Resource Consumption Fix. . Severity: Critical. LinuxSecurity.com Team
Nov 22, 2023
•Critical
SuSE
100
security advisorysoftware updateimportantopenSUSE: 2023:4465-1 Important: Python-Pillow Resource Issue
* bsc#1216894 Cross-References: * CVE-2023-44271 . # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4465-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4465=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4465=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4465=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 *python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 . Important patch for python-Pillow resolving high resource usage in openSUSE Leap 15.x versions, along with detailed installation guidelines.. Python Pillow Update, SUSE Security Advisory, Resource Consumption Fix. . Severity: Important. LinuxSecurity.com Team
Nov 16, 2023
•Important
SuSE
202
security advisorysecurity updateimportantopenSUSE Leap 15.x: SUSE-SU-2023:4465-1 critical python-Pillow resource bug
This update for python-Pillow fixes the following issues: CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).. # Security update for python-Pillow Announcement ID: SUSE-SU-2023:4465-1 Rating: important References: * bsc#1216894 Cross-References: * CVE-2023-44271 CVSS scores: * CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44271 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4465=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4465=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4465=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 *python3-Pillow-debuginfo-7.2.0-150300.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.3.1 * python3-Pillow-tk-7.2.0-150300.3.3.1 * python3-Pillow-7.2.0-150300.3.3.1 * python-Pillow-debugsource-7.2.0-150300.3.3.1 * python3-Pillow-debuginfo-7.2.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-44271.html * https://bugzilla.suse.com/show_bug.cgi?id=1216894 . This vital briefing addresses resource allocation in Python-Pillow, highlighting essential security measures for openSUSE Leap users.. openSUSE update, python-Pillow security, important fixes. . Severity: Important. LinuxSecurity.com Team
Nov 16, 2023
•Important
OpenSUSE
89
security advisoryfedoracriticalFedora 38: 2023-1a120657f9 Critical Resource Issue in Python Pillow
Update to 9.5.0, backport fix for CVE-2023-44271.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-1a120657f9 2023-11-12 01:42:07.505752 -------------------------------------------------------------------------------- Name : python-pillow Product : Fedora 38 Version : 9.5.0 Release : 1.fc38 URL : Summary : Python image processing library Description : Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation). -------------------------------------------------------------------------------- Update Information: Update to 9.5.0, backport fix for CVE-2023-44271. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 3 2023 Sandro Mani - 9.5.0-1 - Update to 9.5.0 - Backport fix for CVE-2023-44271 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2247821 - CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247821 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1a120657f9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 12, 2023
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!