alsa-lib could be made to crash or run programs if it opened a specially crafted file.

==========================================================================
Ubuntu Security Notice USN-8044-1
February 16, 2026

alsa-lib vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

alsa-lib could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- alsa-lib: shared library for ALSA applications

Details:

It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology file to cause alsa-lib to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  libasound2t64 1.2.14-1ubuntu1.1

Ubuntu 24.04 LTS
  libasound2t64 1.2.11-1ubuntu0.2

Ubuntu 22.04 LTS
  libasound2 1.2.6.1-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8044-1
  CVE-2026-25068

Package Information:
  https://launchpad.net/ubuntu/+source/alsa-lib/1.2.14-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/alsa-lib/1.2.11-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/alsa-lib/1.2.6.1-1ubuntu1.1

Address alsa-lib issue in Ubuntu 25.10, 24.04 LTS, and 22.04 LTS causing potential crash and DoS.

alsa-lib,Ubuntu,security advisory,software update.

Severity: Important.

LinuxSecurity.com Team
* Bump Safari version in user agent header.
* Fix blob URL regression that broke many websites.
* Fix several crashes and rendering issues.
* Fix CVE-2023-41983 and CVE-2023-42852.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-8f84dc8e09
2023-11-30 03:29:42.580492
--------------------------------------------------------------------------------

Name        : webkitgtk
Product     : Fedora 39
Version     : 2.42.2
Release     : 1.fc39
URL         : https://www.webkitgtk.org/
Summary     : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform.

--------------------------------------------------------------------------------
Update Information:

* Bump Safari version in user agent header.
* Fix blob URL regression that broke many websites.
* Fix several crashes and rendering issues.
* Fix CVE-2023-41983 and CVE-2023-42852
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 10 2023 Michael Catanzaro - 2.42.2-1
- Update to 2.42.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-8f84dc8e09' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
Iniparser could be made to crash if it received a specially crafted file.

==========================================================================
Ubuntu Security Notice USN-6486-1
November 20, 2023

iniparser vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Iniparser could be made to crash if it received a specially crafted file.

Software Description:
- iniparser: development files for the iniParser INI file reader/writer

Details:

It was discovered that iniParser incorrectly handled certain files. An attacker could possibly use this issue to cause a crash.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  libiniparser1 4.1-6ubuntu0.23.10.1

Ubuntu 23.04:
  libiniparser1 4.1-6ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  libiniparser1 4.1-4ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:
  CVE-2023-33461

Package Information:
  https://launchpad.net/ubuntu/+source/iniparser/4.1-6ubuntu0.23.10.1
  https://launchpad.net/ubuntu/+source/iniparser/4.1-6ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/iniparser/4.1-4ubuntu4.1

A vulnerability has been discovered in various Ubuntu releases stemming from a flaw in iniparser, which could lead to crashes when processing specially crafted input files.

iniparser security, Ubuntu software issue, software crash, Ubuntu iniparser vulnerability.

Severity: Critical.

LinuxSecurity.com Team
- Update the sequoia-openpgp crate to version 1.16.0.
- Update the nettle crate to version 7.3.0.
- Update the nettle-sys crate to version 2.2.0.
- Update the buffered-reader crate to version 1.2.0.

Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of-bounds accesses that result in crashes due to bounds checks which are included.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-1d0d71b6aa
2023-05-27 01:25:15.781100
--------------------------------------------------------------------------------

Name        : rust-rpm-sequoia
Product     : Fedora 37
Version     : 1.4.0
Release     : 3.fc37
URL         :
Summary     : Implementation of the RPM PGP interface using Sequoia
Description :
An implementation of the RPM PGP interface using Sequoia.

--------------------------------------------------------------------------------
Update Information:

- Update the sequoia-openpgp crate to version 1.16.0.
- Update the nettle crate to version 7.3.0.
- Update the nettle-sys crate to version 2.2.0.
- Update the buffered-reader crate to version 1.2.0.

Version 1.16.0 of the sequoia-openpgp crate fixes some issues in parsing code, which could lead to attempted out-of-bounds accesses that result in crashes due to bounds checks which are included by default in Rust code. This update contains rebuilds of all applications that are based on sequoia-openpgp to address this issue.

----

Update to version 1.5.0. This release improves compatibility with the version of librnp that's bundled in recent versions of thunderbird.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 18 2023 Fabio Valentini - 1.4.0-3
- Rebuild for sequoia-openpgp v1.16
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1d0d71b6aa' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
Rebuild for CVE-2022-27191

----

Fix FTBFS Close: rhbz#2045471.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-08ae2dd481
2022-05-07 04:08:14.315797
--------------------------------------------------------------------------------

Name        : golang-github-containerd-continuity
Product     : Fedora 36
Version     : 0.2.2
Release     : 2.fc36
URL         : https://github.com/containerd/continuity
Summary     : A transport-agnostic, filesystem metadata manifest system
Description :
A transport-agnostic, filesystem metadata manifest system.

--------------------------------------------------------------------------------
Update Information:

Rebuild for CVE-2022-27191

----

Fix FTBFS Close: rhbz#2045471
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 16 2022 Fabio Alessandro Locati 0.2.2-2
- Rebuilt for CVE-2022-27191
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2045471 - golang-github-appc-goaci: FTBFS in Fedora rawhide/f36
        https://bugzilla.redhat.com/show_bug.cgi?id=2045471
  [ 2 ] Bug #2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2074262
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-08ae2dd481' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
libinput could be made to crash or expose sensitive information. (CVE-2022-1215)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30308

MGASA-2022-0150 - Updated libinput packages fix security vulnerability

Publication date: 23 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0150.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-1215

libinput could be made to crash or expose sensitive information. (CVE-2022-1215)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30308
- https://lists.x.org/archives/xorg-announce/2022-April/003159.html
- https://ubuntu.com/security/notices/USN-5382-1
- https://www.cve.org/CVERecord?id=CVE-2022-1215

SRPMS:
- 8/core/libinput-1.16.4-1.1.mga8

Revised libinput updates address significant vulnerability concerning data leakage. Released on 23 Apr 2022, find further details.

libinput Security Update, Mageia Vulnerability, Software Crash Issue.

Severity: Critical.

LinuxSecurity.com Team
An update that solves one vulnerability and has one errata is now available.

SUSE Security Update: Security update for gimp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3940-1
Rating:             important
References:         #1073628 #1178726
Cross-References:   CVE-2017-17787
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for gimp fixes the following issues:

Security issue fixed:

- CVE-2017-17787: Fixed an out-of-bounds read in the PSP importer (bsc#1073628).

Non-security issue fixed:

- Fixed a software crash while importing a _PostScript_ file (bsc#1178726).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:

  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3940=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch):

  gimp-lang-2.8.22-5.8.1

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

  gimp-2.8.22-5.8.1
  gimp-debuginfo-2.8.22-5.8.1
  gimp-debugsource-2.8.22-5.8.1
  gimp-devel-2.8.22-5.8.1
  gimp-devel-debuginfo-2.8.22-5.8.1
  gimp-plugins-python-2.8.22-5.8.1
  gimp-plugins-python-debuginfo-2.8.22-5.8.1
  libgimp-2_0-0-2.8.22-5.8.1
  libgimp-2_0-0-debuginfo-2.8.22-5.8.1
  libgimpui-2_0-0-2.8.22-5.8.1
  libgimpui-2_0-0-debuginfo-2.8.22-5.8.1

References:

  https://www.suse.com/security/cve/CVE-2017-17787.html
  https://bugzilla.suse.com/1073628
  https://bugzilla.suse.com/1178726

SUSE has released a Security Update for GIMP to tackle an out-of-bounds access problem along with a non-security fix in the application.

SUSE Security Update,GIMP Patch,Software Update,Linux Security.

Severity: Important.

LinuxSecurity.com Team
globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-5f8ebbd2b1
2017-07-03 18:56:27.414469
--------------------------------------------------------------------------------

Name        : globus-xio-gsi-driver
Product     : Fedora 24
Version     : 3.11
Release     : 1.fc24
URL         : http://toolkit.globus.org/
Summary     : Globus Toolkit - Globus XIO GSI Driver
Description :
The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for their cause.

The globus-xio-gsi-driver package contains: Globus XIO GSI Driver

--------------------------------------------------------------------------------
Update Information:

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public handle (9.26)
* Prevent some race conditions (9.27)

globus-gram-job-manager
* Default to running personal gatekeeper on an ephemeral port

globus-gridftp-server
* New error message format (12.0)
* Configuration database (12.0)
* Better delay for end of session ref check (12.1)
* Fix tests when getgroups() does not return effective gid (12.2)

globus-gssapi-gsi
* Don't unlock unlocked mutex (12.14)
* Remove legacy SSLv3 support (12.15)
* Test fixes (12.16)
* Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14)

globus-io
* Remove legacy SSLv3 support

globus-net-manager
* Fix .pc typo
* Drop patch globus-net-manager-pkgconfig.patch (fixed upstream)

globus-xio
* Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15)
* Fix crash in error handling in http driver (5.16)

globus-xio-gsi-driver
* Fix crash when checking for anonymous GSS name when name comparison fails

globus-xio-pipe-driver
* Fix .pc typo

globus-xio-udt-driver
* Don't force --static flag to pkg-config
* Drop some BuildRequires no longer needed with above change
* Fix undefined symbols during linking

myproxy
* Fix error check (6.1.26)
* Remove legacy SSLv3 support (6.1.27)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade globus-xio-gsi-driver' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --