Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 27 articles for you...
89
security advisoryfedorabuffer overflowFedora 42: util-linux Critical Buffer Overflow CVE-2025-14104 Advisory
fix setpwnam() buffer use [CVE-2025-14104] libblkid: use snprintf() instead of sprintf(). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-fc18ab1e37 2025-12-21 00:50:40.670499+00:00 -------------------------------------------------------------------------------- Name : util-linux Product : Fedora 42 Version : 2.40.4 Release : 8.fc42 URL : https://en.wikipedia.org/wiki/Util-linux Summary : Collection of basic system utilities Description : The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. -------------------------------------------------------------------------------- Update Information: fix setpwnam() buffer use [CVE-2025-14104] libblkid: use snprintf() instead of sprintf() -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 15 2025 Karel Zak - 2.40.4-8 - fix setpwnam() buffer use [CVE-2025-14104] - libblkid: use snprintf() instead of sprintf() -------------------------------------------------------------------------------- References: [ 1 ] Bug #2419370 - CVE-2025-14104 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419370 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-fc18ab1e37' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Dec 21, 2025
•Critical
Fedora
89
security advisoryfedoracriticalFedora 43: util-linux Update 2.41.4 Urgent CVE-2025-14105
upstream stable upgrade from 2.41.1 to 2.41.3 (CVE-2025-14104 and other issues). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-40fe2fec53 2025-12-17 01:12:56.966742+00:00 -------------------------------------------------------------------------------- Name : util-linux Product : Fedora 43 Version : 2.41.3 Release : 7.fc43 URL : https://en.wikipedia.org/wiki/Util-linux Summary : Collection of basic system utilities Description : The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. -------------------------------------------------------------------------------- Update Information: upstream stable upgrade from 2.41.1 to 2.41.3 (CVE-2025-14104 and other issues) -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 15 2025 Karel Zak - 2.41.3-7 - upgrade to upstream release v2.41.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-40fe2fec53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Dec 17, 2025
•Critical
Fedora
91
security advisoryhigh severitygentooGentoo: GLSA-202402-15 High: e2fsprogs Arbitrary Code Execution
A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: e2fsprogs: Arbitrary Code Execution Date: February 18, 2024 Bugs: #838388 ID: 202402-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution. Background ========== e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ sys-fs/e2fsprogs < 1.46.6 > = 1.46.6 Description =========== Multiple vulnerabilities have been discovered in e2fsprogs. Please review the CVE identifiers referenced below for details. Impact ====== An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Workaround ========== There is no known workaround at this time. Resolution ========== All e2fsprogs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-fs/e2fsprogs-1.46.6" References ========== [ 1 ] CVE-2022-1304 https://nvd.nist.gov/vuln/detail/CVE-2022-1304 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is ofutmost importance to us. Any security concerns should be addressed to
Feb 18, 2024
Gentoo
89
security advisorybuffer overflowFedoraFedora 38: FEDORA-2023-7e4b4f49c1 Important: Procps-ng Vulnerability Patch
Possible buffer overflow in 'ps' (CVE-2023-4016). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-30c3ca07eb 2023-08-21 00:57:49.823939 -------------------------------------------------------------------------------- Name : procps-ng Product : Fedora 38 Version : 3.3.17 Release : 11.fc38 URL : https://sourceforge.net/projects/procps-ng/ Summary : System and process monitoring utilities Description : The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, pidof, pmap, slabtop, w, watch, pwdx and pidwait. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the statuses of running processes. The free command displays the amounts of free and used memory on your system. The skill command sends a terminate command (or another specified signal) to a specified set of processes. The snice command is used to change the scheduling priority of specified processes. The tload command prints a graph of the current system load average to a specified tty. The uptime command displays the current time, how long the system has been running, how many users are logged on, and system load averages for the past one, five, and fifteen minutes. The w command displays a list of the users who are currently logged on and what they are running. The watch program watches a running program. The vmstat command displays virtual memory statistics about processes, memory, paging, block I/O, traps, and CPU activity. The pwdx command reports the current working directory of a process or processes. The pidwait command waits for processes of specified names. -------------------------------------------------------------------------------- Update Information: Possible buffer overflow in 'ps'(CVE-2023-4016) -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 15 2023 Jan Rybar - 3.3.17-11 - CVE-2023-4016: ps: possible buffer overflow - Resolves: bz#2230186 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2230186 - CVE-2023-4016 procps-ng: procps: ps buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2230186 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-30c3ca07eb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Aug 21, 2023
•Important
Fedora
219
security advisoryupdatebug fixRocky Linux 8: RLBA-2021:2568 Unknown: Kexec-Tools Bug Fix
kexec-tools bug fix and enhancement update. \{'type': 'BugFix', 'shortCode': 'RL', 'name': 'RLBA-2021:2568', 'synopsis': 'kexec-tools bug fix and enhancement update', 'severity': 'UnknownSeverity', 'topic': 'An update for kexec-tools is now available for Rocky Linux 8.', 'description': 'The kexec-tools packages contain the /sbin/kexec binary and utilities that\ntogether form the user-space component of the kernel's kexec feature. The\n/sbin/kexec binary facilitates a new kernel to boot using the kernel's\nkexec feature either on a normal or a panic reboot. The kexec fastboot\nmechanism allows booting a Linux kernel from the context of an already\nrunning kernel.\n/usr/lib/dracut/modules.d/99kdumpbase/module-setup.sh: line 145: ipcalc:\ncommand not found (BZ#1959655)', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': [], 'cves': ['Red Hat:::https://access.redhat.com/errata/RHBA-2021:2568:::RHBA-2021:2568'], 'references': [], 'publishedAt': '2021-07-22T18:25:11.687895Z', 'rpms': ['kexec-tools-2.0.20-46.el8_4.1.aarch64.rpm', 'kexec-tools-2.0.20-46.el8_4.1.src.rpm', 'kexec-tools-2.0.20-46.el8_4.1.x86_64.rpm', 'kexec-tools-debuginfo-2.0.20-46.el8_4.1.aarch64.rpm', 'kexec-tools-debuginfo-2.0.20-46.el8_4.1.x86_64.rpm', 'kexec-tools-debugsource-2.0.20-46.el8_4.1.aarch64.rpm', 'kexec-tools-debugsource-2.0.20-46.el8_4.1.x86_64.rpm']}\. Debian Linux issues an update notification for dpkg highlighting critical patches and improvements to guarantee reliable performance.. Rocky Linux,kexec-tools update,security advisory,system utilities. . LinuxSecurity.com Team
Sep 02, 2022
Rocky Linux
89
security advisoryfedoracriticalFedora 35: FEDORA-2022-b7de97d0a9 Critical: Util-linux chfn and chsh Fix
Upstream upgrade to fix chfn and chsh issue (CVE-2022-0563).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-b7de97d0a9 2022-02-16 01:25:55.828567 --------------------------------------------------------------------------------Name : util-linux Product : Fedora 35 Version : 2.37.4 Release : 1.fc35 URL : https://en.wikipedia.org/wiki/Util-linux Summary : Collection of basic system utilities Description : The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. --------------------------------------------------------------------------------Update Information: Upstream upgrade to fix chfn and chsh issue (CVE-2022-0563). --------------------------------------------------------------------------------ChangeLog: * Mon Feb 14 2022 Karel Zak - 2.37.4-1 * upgrade to v2.37.4 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-b7de97d0a9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 15, 2022
•Critical
Fedora
89
security advisoryunauthorized accessFedoraFedora 35: 2022-9d02441b24 Critical: Util-linux Libmount Issues
Security bugs in libmount, CVE-2021-3996 and CVE-2021-3995.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-9d02441b24 2022-02-05 01:21:20.735990 --------------------------------------------------------------------------------Name : util-linux Product : Fedora 35 Version : 2.37.3 Release : 1.fc35 URL : https://en.wikipedia.org/wiki/Util-linux Summary : Collection of basic system utilities Description : The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. --------------------------------------------------------------------------------Update Information: Security bugs in libmount, CVE-2021-3996 and CVE-2021-3995. --------------------------------------------------------------------------------ChangeLog: * Mon Jan 24 2022 Karel Zak - 2.37.3-1 * upgrade to v2.37.3 --------------------------------------------------------------------------------References: [ 1 ] Bug #2024628 - CVE-2021-3996 util-linux: Unauthorized unmount of filesystems in libmount https://bugzilla.redhat.com/show_bug.cgi?id=2024628 [ 2 ] Bug #2024631 - CVE-2021-3995 util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid https://bugzilla.redhat.com/show_bug.cgi?id=2024631 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-9d02441b24' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 04, 2022
•Critical
Fedora
98
security advisoryRed HatupdateRed Hat: RHSA-2019-2401-01 Important: Procps-ng Heap Overflow
An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: procps-ng security update Advisory ID: RHSA-2019:2401-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2401 Issue date: 2019-08-07 CVE Names: CVE-2018-1124 ==================================================================== 1. Summary: An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.3) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - x86_64 3. Description: The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es): * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) For more details about the security issue(s), including the impact, aCVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1575465 - CVE-2018-1124 procps-ng, procps: Integer overflows leading to heap overflow in file2strvec 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: procps-ng-3.3.10-10.el7_3.1.src.rpm x86_64: procps-ng-3.3.10-10.el7_3.1.i686.rpm procps-ng-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.i686.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.3): Source: procps-ng-3.3.10-10.el7_3.1.src.rpm ppc64le: procps-ng-3.3.10-10.el7_3.1.ppc64le.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.ppc64le.rpm x86_64: procps-ng-3.3.10-10.el7_3.1.i686.rpm procps-ng-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.i686.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.3): Source: procps-ng-3.3.10-10.el7_3.1.src.rpm x86_64: procps-ng-3.3.10-10.el7_3.1.i686.rpm procps-ng-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.i686.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: procps-ng-debuginfo-3.3.10-10.el7_3.1.i686.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-devel-3.3.10-10.el7_3.1.i686.rpm procps-ng-devel-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-i18n-3.3.10-10.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v.7.3): ppc64le: procps-ng-debuginfo-3.3.10-10.el7_3.1.ppc64le.rpm procps-ng-devel-3.3.10-10.el7_3.1.ppc64le.rpm procps-ng-i18n-3.3.10-10.el7_3.1.ppc64le.rpm x86_64: procps-ng-debuginfo-3.3.10-10.el7_3.1.i686.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-devel-3.3.10-10.el7_3.1.i686.rpm procps-ng-devel-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-i18n-3.3.10-10.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.3): x86_64: procps-ng-debuginfo-3.3.10-10.el7_3.1.i686.rpm procps-ng-debuginfo-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-devel-3.3.10-10.el7_3.1.i686.rpm procps-ng-devel-3.3.10-10.el7_3.1.x86_64.rpm procps-ng-i18n-3.3.10-10.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2018-1124 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUq349zjgjWX9erEAQjtHg/7BHHiUq+3tvjE+GezfxDHtwy8htzT/xC6 yjwc0LkvIOxvjwyqSipoA2YzcY7b0pMzW3z5rT1TL4JiAiAy4/lEu9eprVGYIhR9 oXwg97CFxzdewjrB0YA7zc/JFcjIph95orZAV9xC1hMxHtETqVk/Xa6smJzfbOv3 DfJNVUhzWR8h3cfF6CROqjy/xbT50PMbKf3TFhKSvvjdPpLxIKW6d8cDBNHHHLH6 UP0JcsvdaUgYx4QkF956hv+vf7Wv5OY11d7IPVywRa+ulIzbKg/K82Mugke8bdsY F/nde9d7LpG+tTxcnpvEQykawYC23yYes4DXM2sAxF54xF7sE/VKaTal2BPwVilu 1CTHr7RW9U3InDWv5z+yrxTxVEBuiX+4O9EhOALr4a8MzUFOKIaCcZexwVu9fRLl WG5V3+IDkjyEDL1vV+FsHzNWer+f3MHemto4bIcq8Mw3VSSO4pLd4HQHVWxHSz// OJR4lldadOARGGceXFeCl6fw6hIRlCU9Dharp/GG6YEXP+YuGUA6nCxlSX6/hX2P xDgJSUFykFRSIPhvBmrJNBgjJ+IKuielSuYBdmgBR+w8WP/SDpsDxsFlvdPHL+aX k5sngBIzi8/OGrb46GOiajWjz9p2FmGsuh8S9f2U9myWHZMgCxLucobhqYj8nvgs aIjZeV+3Hj4=2Qc+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 07, 2019
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!