--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-51d92325e2
2026-04-02 01:05:52.796830+00:00
--------------------------------------------------------------------------------

Name        : rust-scx_rustland
Product     : Fedora 43
Version     : 0.0.3
Release     : 8.fc43
URL         : https://crates.io/crates/scx_rustland
Summary     : A simple user-space scheduler written in Rust
Description :
A BPF component (dispatcher) that implements the low level sched-ext
functionalities and a user-space counterpart (scheduler), written in Rust, that
implements the actual scheduling policy. This is used within sched_ext, which
is a Linux kernel feature which enables implementing kernel thread schedulers
in BPF and dynamically loading them.
https://github.com/sched-ext/scx/tree/main

--------------------------------------------------------------------------------
Update Information:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2026 Benjamin A. Beasley - 0.0.3-8
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Update License based on a current Rawhide build
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-51d92325e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-40ee18b2e7
2024-06-02 03:36:56.060441
--------------------------------------------------------------------------------

Name        : rust-scx_rustland
Product     : Fedora 39
Version     : 0.0.3
Release     : 2.fc39
URL         :
Summary     : A simple user-space scheduler written in Rust
Description :
A BPF component (dispatcher) that implements the low level sched-ext
functionalities and a user-space counterpart (scheduler), written in Rust, that
implements the actual scheduling policy. This is used within sched_ext, which
is a Linux kernel feature which enables implementing kernel thread schedulers
in BPF and dynamically loading them.
https://github.com/sched-ext/scx/tree/main

--------------------------------------------------------------------------------
Update Information:

This update contains builds from a mini-mass-rebuild for Rust applications (and
some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix
incomplete debug information for the Rust standard library (and the resulting
low-quality stack traces).

Additionally, builds will have picked up fixes for some minor low-priority
security and / or safety fixes in crate dependencies that had not yet been
handled via a separate (targeted) rebuild:

h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html
glib v0.19.4+ and backports (UB): core/pull/1343
hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511
rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 23 2024 Fabio Valentini - 0.0.3-2
- Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-40ee18b2e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Advisory ID:  RHSA-2023:0584-01
Product:      OSSO
Advisory URL:
Issue date:   2023-05-18
CVE Names:    CVE-2021-46848 CVE-2022-1304 CVE-2022-1586
              CVE-2022-2880 CVE-2022-4304 CVE-2022-4415
              CVE-2022-4450 CVE-2022-22624 CVE-2022-22628
              CVE-2022-22629 CVE-2022-22662 CVE-2022-26700
              CVE-2022-26709 CVE-2022-26710 CVE-2022-26716
              CVE-2022-26717 CVE-2022-26719 CVE-2022-27664
              CVE-2022-30293 CVE-2022-32189 CVE-2022-32190
              CVE-2022-34903 CVE-2022-35737 CVE-2022-40303
              CVE-2022-40304 CVE-2022-41715 CVE-2022-41717
              CVE-2022-41724 CVE-2022-41725 CVE-2022-42898
              CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
              CVE-2023-0361 CVE-2023-23916
====================================================================

1. Summary:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1

Security Fix(es):

* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)

* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)

* golang: net/url: JoinPath does not strip relative path components in all
circumstances (CVE-2022-32190)

* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)

* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)

* golang: crypto/tls: large handshake records may cause panics
(CVE-2022-41724)

* golang: net/http, mime/multipart: denial of service from excessive
resource consumption (CVE-2022-41725)

* golang: math/big: decoding big.Float and big.Rat types can panic if the
encoded message is too short, potentially allowing a denial of service
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

WRKLDS-653 - New SSO 1.1.1 release to address existing CVEs

6. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-32189
https://access.redhat.com/security/cve/CVE-2022-32190
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2022-41725
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list

MGASA-2021-0133 - Updated quartz packages fix a security vulnerability

Publication date: 14 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0133.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta
Quartz Scheduler through 2.3.0 allows XXE attacks via a job description
(CVE-2019-13990).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26481
- https://lists.suse.com/pipermail/sle-security-updates/2020-April/006708.html
- https://www.cve.org/CVERecord?id=CVE-2019-13990

SRPMS:
- 7/core/quartz-2.2.1-9.1.mga7

Fedora 2021-0325 addresses critical vulnerabilities with the release of new patches. Release date: 22 Apr 2021.

LinuxSecurity.com Team