Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryfedoracode executionFedora 42: conda-build 25.4.0 Critical Code Execution 2025-eb0eab6793
Update to 25.4.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-eb0eab6793 2025-12-17 01:31:51.636606+00:00 -------------------------------------------------------------------------------- Name : conda-build Product : Fedora 42 Version : 25.4.0 Release : 1.fc42 URL : https://github.com/conda/conda-build Summary : Commands and tools for building conda packages Description : You can easily build your own packages for conda, and upload them to anaconda.org, a free service for hosting packages for conda, as well as other package managers. To build a package, create a recipe. See https://github.com/conda-archive/conda-recipes for many example recipes, and https://docs.conda.io/projects/conda-build/en/latest/index.html for documentation on how to build recipes. To upload to anaconda.org, create an account. Then, install the anaconda-client and login $ conda install anaconda-client $ anaconda login Then, after you build your recipe $ conda build you will be prompted to upload to anaconda.org. To add your anaconda.org channel, or the channel of others to conda so that conda install will find and install their packages, run $ conda config --add channels https://conda.anaconda.org/username (replacing username with the user name of the person whose channel you want to add). -------------------------------------------------------------------------------- Update Information: Update to 25.4.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 8 2025 Orion Poplawski - 25.4.0-1 - Update to 25.4.0 (CVE-2025-32797, CVE-2025-32798, CVE-2025-32799, CVE-2025-32800) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2373074 - CVE-2025-32797 conda-build: Conda-build Code Execution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373074 [ 2 ] Bug #2373086 - CVE-2025-32800 conda-build: Conda-build supply chain confusion [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373086 [ 3 ] Bug #2373088 - CVE-2025-32798 conda-build: Conda-build Code Execution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373088 [ 4 ] Bug #2373089 - CVE-2025-32799 conda-build: Conda-build Path Traversal [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2373089 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-eb0eab6793' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Dec 17, 2025
•Critical
Fedora
100
security advisoryimportantopenSUSESUSE: 2025:02037-1 important: ghc-pandoc Polyfill Attack Fix
* bsc#1227690 Cross-References: * CVE-2024-38526 . # Security update for ghc-pandoc Announcement ID: SUSE-SU-2025:02037-1 Release Date: 2025-06-20T09:40:29Z Rating: important References: * bsc#1227690 Cross-References: * CVE-2024-38526 CVSS scores: * CVE-2024-38526 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for ghc-pandoc fixes the following issues: * CVE-2024-38526: Fixed Polyfill Supply Chain Attack (bsc#1227690). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-2037=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2037=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2037=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2037=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ghc-pandoc-3.1.11.1-150500.11.6.1 * ghc-pandoc-devel-3.1.11.1-150500.11.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * ghc-pandoc-3.1.11.1-150500.11.6.1 * ghc-pandoc-devel-3.1.11.1-150500.11.6.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) *ghc-pandoc-3.1.11.1-150500.11.6.1 * ghc-pandoc-devel-3.1.11.1-150500.11.6.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * ghc-pandoc-3.1.11.1-150500.11.6.1 * ghc-pandoc-devel-3.1.11.1-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-38526.html * https://bugzilla.suse.com/show_bug.cgi?id=1227690 . A crucial security update for ghc-pandoc has been released to address vulnerabilities related to CVE-2024-38526, urging users to take immediate action. SUSE, ghc-pandoc, patch instructions, Polyfill Attack, CVE-2024-38526. . Severity: Important. LinuxSecurity.com Team
Jun 20, 2025
•Important
SuSE
89
security advisorysecurity updateFedoraFedora 37: FEDORA-2023-c9b2182a4e moderate: golang-oras DoS
Update helm to 3.11.1, resolving multiple security issues. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-c9b2182a4e 2023-02-23 02:18:27.224403 --------------------------------------------------------------------------------Name : golang-oras Product : Fedora 37 Version : 0.15.1 Release : 1.20221105git690716b.fc37 URL : https://github.com/oras-project/oras Summary : Work with OCI registries, but for secure supply chain Description : Work with OCI registries, but for secure supply chain - managing content like artifacts, images, SBOM. --------------------------------------------------------------------------------Update Information: Update helm to 3.11.1, resolving multiple security issues --------------------------------------------------------------------------------ChangeLog: * Tue Feb 21 2023 Davide Cavalca - 0.15.1-1 - Initial import; Fixes: RHBZ#2172238 --------------------------------------------------------------------------------References: [ 1 ] Bug #1971029 - Cannot build for s390x due to missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=1971029 [ 2 ] Bug #1971091 - Test failures on 32bit arches https://bugzilla.redhat.com/show_bug.cgi?id=1971091 [ 3 ] Bug #1977738 - golang-helm-3-3.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1977738 [ 4 ] Bug #2045644 - golang-helm-3: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045644 [ 5 ] Bug #2097975 - CVE-2022-1996 golang-helm-3: go-restful: Authorization Bypass Through User-Controlled Key [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2097975 [ 6 ] Bug #2138841 - F38FailsToInstall: golang-helm-3-devel https://bugzilla.redhat.com/show_bug.cgi?id=2138841 [ 7 ] Bug #2142198 - F37FailsToInstall: golang-helm-3-devel https://bugzilla.redhat.com/show_bug.cgi?id=2142198 [ 8 ] Bug#2142210 - F36FailsToInstall: golang-helm-3-devel https://bugzilla.redhat.com/show_bug.cgi?id=2142210 [ 9 ] Bug #2155938 - CVE-2022-23526 golang-helm-3: helm: Denial of service through schema file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2155938 [ 10 ] Bug #2155939 - CVE-2022-23524 golang-helm-3: helm: Denial of service through string value parsing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2155939 [ 11 ] Bug #2163231 - CVE-2022-41717 golang-helm-3: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2163231 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c9b2182a4e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 23, 2023
Fedora
89
security advisoryFedorasecurity fixFedora 34: FEDORA-2021-1805eacb48 Important Rust-Cranelift-Native Update
- Update cranelift crates to version 0.77.0. - Update the wast crate to version 38.0.0. - Update the wat crate to version 1.0.40. - Update the wasmparser crate to version 0.80.1. - Update wasmtime crates to version 0.30.0. - Update the backtrace crate to version 0.3.61. - Update the addr2line crate to version 0.16.0. - Update the object crate to version 0.26.2. - Update the gimli crate to. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-1805eacb48 2021-10-04 01:03:57.321113 --------------------------------------------------------------------------------Name : rust-cranelift-native Product : Fedora 34 Version : 0.77.0 Release : 1.fc34 URL : Summary : Support for targeting the host with Cranelift Description : Support for targeting the host with Cranelift. --------------------------------------------------------------------------------Update Information: - Update cranelift crates to version 0.77.0. - Update the wast crate to version 38.0.0. - Update the wat crate to version 1.0.40. - Update the wasmparser crate to version 0.80.1. - Update wasmtime crates to version 0.30.0. - Update the backtrace crate to version 0.3.61. - Update the addr2line crate to version 0.16.0. - Update the object crate to version 0.26.2. - Update the gimli crate to version 0.25.0. The cranelift and wasmtime package updates also include security fixes for CVE-2021-39216, CVE-2021-39218, and CVE-2021-39219. --------------------------------------------------------------------------------ChangeLog: * Wed Sep 22 2021 Olivier Lemasle - 0.77.0-1 - Update to upstream 0.77.0 * Fri Jul 23 2021 Fedora Release Engineering - 0.75.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-1805eacb48' at the command line.For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Oct 03, 2021
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!