An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for libxmp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0186-1
Rating:             moderate
References:
Cross-References:   CVE-2025-47256
CVSS scores:
                    CVE-2025-47256 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

Description:

This update for libxmp fixes the following issues:

- Update to release 4.6.3
  * Fix crashes when xmp_set_position/xmp_set_row is used to set a
    negative position/row.
  * Fix hangs when xmp_prev_position is used on the first position of a
    sequence which is preceded by an S3M/IT skip marker.
  * Fix out-of-bounds reads when xmp_next_position is used at the end of
    a 256 position module.
  * Fix hangs when seeking to an end-of-module marker caused by these
    positions getting assigned a non-existent sequence.
  * Fix stack underflow in Pha Packer loader (CVE-2025-47256).
  * Fix broken conversion of ProRunner 2.0 pattern data.
  * xmp_set_tempo_factor no longer alters frame time calculation for
    xmp_get_frame_info. Frame time is now updated to account for the new
    time factor after calling xmp_scan_module.
  * Fix loading XMs with some types of harmless pattern truncation.
  * Fix Digital Tracker 2.03 position jump effect for 4 channel DTMs.
  * Fix pattern loop jump interactions with same row pattern jump/break:
    Scream Tracker 3.03b+; Impulse Tracker 1.00 to 1.06 IT; Impulse
    Tracker 2.00+ IT/S3M; Modplug Tracker 1.16 IT/XM/S3M; Imago Orpheus
    IMF/S3M; Liquid Tracker LIQ/S3M; Poly Tracker; Digital Tracker >=2.02
    DTM/MOD; Digital Tracker 2.03 (partial); Digital Tracker 1.9
    (partial); Octalyser.
  * Fix the pattern loop effect in Astroidea XMF loader.

- Update to release 4.6.2
  * Fix MED effect 1Fxy (delay and retrigger).
    The new implementation supports both delay and retrigger at the same
    time and repeats.
  * Fix MED effect FF3 (revert change from 4.6.1). The buggy version of
    this effect prior to OctaMED v5 is not currently supported.
  * Fix MED3 and MED4 time factor and tempos 1-10.
  * Fix MED4 effect 9xx (set speed).
  * Add support for MED3 and MED4 song files.
  * Handle IT modules with edit history but no MIDI configuration.

- Update to release 4.6.1
  * Add stereo sample loading support for IT, S3M, XM, MED, LIQ, and
    Digital Tracker (partial).
  * Add sample preamplification to filter mixers for high sample rates.
  * Add support for Ultra Tracker tempo commands.
  * Load Ultra Tracker comments instead of skipping them.
  * Implement support for Protracker instrument swapping.
  * Implement retrigger effects for MED, OctaMED, and Liquid Tracker
    where only one retrigger occurs. Liquid Tracker (new format) and
    Digital Symphony now allow retrigger values larger than 15.
  * Fix loop detection edge cases broken by S3M/IT marker scan bugs.
  * Add fix for IT break to module scan.
  * Fix restart position for > 64k sample and Digital Tracker MODs.
  * Reset Invert Loop position when a new instrument is encountered.
  * MOD: make presence of invert loop override tracker ID guesses.
  * M.K. modules within Amiga limits which use EFx invert loop are now
    IDed as Protracker.
  * Support for loading Digital Tracker 2.03 DTMs (MOD patterns).
  * Support for loading Digital Tracker 1.9 DTMs (VERS/SV19).
  * Allow patterns up to 396 rows in Digital Home Studio DTMs.
  * Support for Digital Tracker 1.9 "MIDI note" transpose.
  * Simulate Digital Tracker effects bugs where possible.
  * A bunch of Liquid Tracker (.liq files) bug fixes
  * Fix out-of-bounds reads in His Master's Noise Mupp instruments.
  * Add compatibility for non-standard Pattern Loop implementations:
    Scream Tracker 3.01b; Scream Tracker 3.03b+; Impulse Tracker 1.00;
    Impulse Tracker 1.04 to 2.09; Modplug Tracker 1.16; Digital Tracker
    >=2.04; Digital Tracker 1.9; Octalyser; Imago Orpheus; Liquid
    Tracker; Poly Tracker. (MOD, FT2, and IT 2.10+ were already
    supported.)
  * S3M: Detect PlayerPRO, Velvet Studio and old MPT versions.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2025-186=1

Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

      libxmp-devel-4.6.3-bp156.2.3.1
      libxmp4-4.6.3-bp156.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2025-47256.html

A new version is released for openSUSE, targeting a moderate security flaw in libxmp that could lead to stack underflow and potential application crashes.

LinuxSecurity.com Team

Security fix for BZ#1545825.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-7652b51cc6
2018-09-21 05:19:39.105242
--------------------------------------------------------------------------------

Name        : iniparser
Product     : Fedora 29
Version     : 4.0
Release     : 7.20160821git.fc29
URL         : https://github.com/ndevilla/iniparser
Summary     : C library for parsing "INI-style" files
Description :
iniParser is an ANSI C library to parse "INI-style" files, often used to
hold application configuration information.

--------------------------------------------------------------------------------
Update Information:

Security fix for BZ#1545825
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1545824 - iniparser: stack-buffer-underflow in iniparser_load in iniparser.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1545824
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-7652b51cc6' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

Security fix for BZ#1545825.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-9e60953b74
2018-09-11 16:50:57.488242
--------------------------------------------------------------------------------

Name        : iniparser
Product     : Fedora 28
Version     : 4.0
Release     : 7.20160821git.fc28
URL         : https://github.com/ndevilla/iniparser
Summary     : C library for parsing "INI-style" files
Description :
iniParser is an ANSI C library to parse "INI-style" files, often used to
hold application configuration information.

--------------------------------------------------------------------------------
Update Information:

Security fix for BZ#1545825
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 31 2018 Robin Lee - 4.0-7.20160821git
- Backport fix for BZ#1545825
* Fri Jul 13 2018 Fedora Release Engineering - 4.0-6.20160821git
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1545824 - iniparser: stack-buffer-underflow in iniparser_load in iniparser.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1545824
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9e60953b74' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------