An update that solves four vulnerabilities can now be installed.

# Security update for libsoup

Announcement ID: SUSE-SU-2026:20360-1
Release Date: 2026-01-19T11:44:51Z
Rating: important

References:

* bsc#1252555
* bsc#1254876
* bsc#1256399
* bsc#1256418

Cross-References:

* CVE-2025-12105
* CVE-2025-14523
* CVE-2026-0716
* CVE-2026-0719

CVSS scores:

* CVE-2025-12105 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12105 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-12105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-14523 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14523 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2025-14523 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0719 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for libsoup fixes the following issues:

* CVE-2025-14523: flaw in HTTP header handling can lead to host header parsing discrepancy between servers and proxies and allow for request smuggling, cache poisoning and bypass of access controls (bsc#1254876).
* CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion can lead to undefined behavior or crash (bsc#1252555).
* CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418).
* CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  `zypper in -t patch SUSE-SLE-Micro-6.1-379=1`

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libsoup-3_0-0-debuginfo-3.4.4-slfo.1.1_6.1
  * libsoup-debugsource-3.4.4-slfo.1.1_6.1
  * libsoup-3_0-0-3.4.4-slfo.1.1_6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12105.html
* https://www.suse.com/security/cve/CVE-2025-14523.html
* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://www.suse.com/security/cve/CVE-2026-0719.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252555
* https://bugzilla.suse.com/show_bug.cgi?id=1254876
* https://bugzilla.suse.com/show_bug.cgi?id=1256399
* https://bugzilla.suse.com/show_bug.cgi?id=1256418

Fixes four important security issues in libsoup for SUSE Linux. Update now for enhanced protection and performance.

libsoup update, SUSE security, request smuggling, security patch.

Severity: Important.

LinuxSecurity.com Team
# Security update for iputils

Announcement ID: SUSE-SU-2025:1771-1
Release Date: 2025-10-31T09:58:22Z
Rating: moderate

References:

* bsc#1242300
* bsc#1243284

Cross-References:

* CVE-2025-47268

CVSS scores:

* CVE-2025-47268 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47268 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-47268 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for iputils fixes the following issues:

Security fixes:

* CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).

Other bug fixes:

* Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP3 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1771=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1771=1`
* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2025-1771=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1771=1`

## Package List:

* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * rarpd-s20161105-150000.8.11.1
  * iputils-debuginfo-s20161105-150000.8.11.1
  * rarpd-debuginfo-s20161105-150000.8.11.1
  * iputils-s20161105-150000.8.11.1
  * iputils-debugsource-s20161105-150000.8.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * rarpd-s20161105-150000.8.11.1
  * iputils-debuginfo-s20161105-150000.8.11.1
  * rarpd-debuginfo-s20161105-150000.8.11.1
  * iputils-s20161105-150000.8.11.1
  * iputils-debugsource-s20161105-150000.8.11.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * rarpd-s20161105-150000.8.11.1
  * iputils-debuginfo-s20161105-150000.8.11.1
  * rarpd-debuginfo-s20161105-150000.8.11.1
  * iputils-s20161105-150000.8.11.1
  * iputils-debugsource-s20161105-150000.8.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * rarpd-s20161105-150000.8.11.1
  * iputils-debuginfo-s20161105-150000.8.11.1
  * rarpd-debuginfo-s20161105-150000.8.11.1
  * iputils-s20161105-150000.8.11.1
  * iputils-debugsource-s20161105-150000.8.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242300
* https://bugzilla.suse.com/show_bug.cgi?id=1243284

Update for iputils on SUSE fixes a critical integer overflow vulnerability with moderate severity and installation instructions.

iputils security fix, SUSE patch updates, integer overflow vulnerability, Linux package manager.

LinuxSecurity.com Team
# Security update for rust-keylime

Announcement ID: SUSE-SU-2025:20717-1
Release Date: 2025-09-16T07:49:07Z
Rating: moderate

References:

* bsc#1242623
* bsc#1247193
* bsc#1248006

Cross-References:

* CVE-2024-58266
* CVE-2025-3416
* CVE-2025-55159

CVSS scores:

* CVE-2024-58266 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-58266 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-58266 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-58266 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-3416 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55159 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-55159 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for rust-keylime fixes the following issues:

* Update vendored crate slab to version 0.4.11
  * CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function leading to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006)
* Update to version 0.2.8+12:
  * build(deps): bump actions/checkout from 4 to 5
  * build(deps): bump cfg-if from 1.0.0 to 1.0.1
  * build(deps): bump openssl from 0.10.72 to 0.10.73
  * build(deps): bump clap from 4.5.39 to 4.5.45
  * build(deps): bump pest from 2.8.0 to 2.8.1
  * Fix clippy warnings
  * Use verifier-provided interval for continuous attestation timing
  * Add meta object with seconds_to_next_attestation to evidence response
  * Fix boot time retrieval
  * Fix IMA log format (it must be ['text/plain']) (#1073)
  * Remove unnecessary configuration fields
  * cargo: Bump retry-policies to version 0.4.0
* Update vendored crate shlex to version 1.3.0
  * CVE-2024-58266: Fixed command injection (bsc#1247193)
* Update to version 0.2.7+141:
  * service: Use WantedBy=multi-user.target
  * rpm: Add subpackage for push-attestation agent
  * push-model: implement continuous attestation with configurable intervals
  * Retry registration forever in the state machine
  * Add Verifier URL to configuration
  * Align exp.backoff to current configuration format
  * Increase coverage of state machine (using Context)
  * Increase coverage of struct_filler.rs
  * Groom code (remove dead code)
  * Fix exponential backoff (10secs, 4xx accepted)
  * test: Add documentation test to tests/run.sh
  * tpm: Avoid running code example during documentation tests
  * state_machine: Always start the agent from the Unregistered state
  * Add fixes for the URL construction
  * Refactor evidences collection in push attestation agent
  * push-model: refactor attestation logic into a state machine
  * Fix body sending by allowing serializing strings (#1057)
  * Log ResilientClient errors/response status codes (#1055)
  * Add AK signing scheme and hash algorithm to negotiation
  * tpm: Add method to extract signing scheme and hash algorithm from AK
  * Allow custom content-type/accept headers
  * Integrate exponential backoff to registration (#1052)
  * keylime/structures: Rename ShaValues to PcrBanks
  * Add resilient_client for exponential backoff (#1048)
* Update vendored crate openssl 0.10.73:
  * CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242623)
* Update to version 0.2.7+117:
  * Increase coverage in evidence handling structure
  * Add Capabilities Negotiations resp. missing fields
  * Fix UEFI test to check file access in all cases
  * context_info_handler: Do not assume /var/lib/keylime exists
  * Fix clippy warnings about uninlined format arguments
  * attestation: Allow unwrap() in tests
  * Increase coverage (groom code, extend unit tests)
  * Include IMA/UEFI logs in Evidence Handling request
  * Include method to get all IMA entries as string
  * Send correct list of pcr banks and sign algorithms
  * Try to fix TPM tests related issues
  * Define attestation perform asynchronous
  * Perform attestation in push model agent binary
  * Refactor code to use new attestation.rs
  * Create attestation.rs for Attestation stuff
  * Move ContextInfo management to its own handler
  * Adjust context_info.rs after rebase
  * Add attestation function to ContextInfo structure
  * Add prohibited signing algorithms, avoid ecschnorr
  * keylime/config: Use macro to implement PushModelConfigTrait
  * Introduce keylime-macros and define_view_trait
  * config: Remove KeylimeConfig structure
  * config: Remove unnecessary options and lazy initialization
  * Fix pcr_bank function to send all possible slots
  * Send Content-Type:application/json on request (#1039)
  * Send correct 'key_algorithm' in certification_keys (#1035)
  * Push Model: Persist Attestation Key to file
  * Add Keylime push model binary to root GNUmakefile
  * Use singleton to avoid multiple Context allocation
  * tests: Do not assume `/var/lib/keylime` exists (#1030)
  * lib/cert: Fix race condition due to use of same file path
  * payloads: Fix race condition in tests
  * Add uefi_log_handler.rs to parse UEFI binary
  * Use IMA log parser to send correct entry count
  * Add IMA log parser
  * build(deps): bump once_cell from 1.19.0 to 1.21.3
  * lib/config/base.rs: Add more unit tests
  * lib/permissions: Add unit tests
  * keylime-agent: move JsonWrapper from common.rs to the library
  * lib/agent_data: Move agent_data related tests from common
  * common: Replace APIVersion with the library Version structure
  * keylime_agent: Move secure_mount.rs to the library
  * lib: Rename keylime_error.rs as error.rs
  * config: Move config to keylime library
  * config: Rename push_model_config to push_model
  * lib: Move permissions.rs from keylime-agent to the lib
  * Extract Capabilities Negotiation info from TPM (#1014)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  `zypper in -t patch SUSE-SLE-Micro-6.0-461=1`

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * rust-keylime-debuginfo-0.2.8+12-1.1
  * rust-keylime-0.2.8+12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-58266.html
* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://www.suse.com/security/cve/CVE-2025-55159.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242623
* https://bugzilla.suse.com/show_bug.cgi?id=1247193
* https://bugzilla.suse.com/show_bug.cgi?id=1248006

Update for rust-keylime resolves three issues including command injection and undefined behavior in SUSE Linux Micro 6.0.

rust-keylime update, SUSE Linux Micro 6.0, moderate security patch.

LinuxSecurity.com Team
# Security update for bpftool

Announcement ID: SUSE-SU-2024:4157-1
Release Date: 2024-12-03T14:26:58Z
Rating: moderate

References:

* bsc#1232258

Cross-References:

* CVE-2024-49987

CVSS scores:

* CVE-2024-49987 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49987 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-49987 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for bpftool fixes the following issues:

* CVE-2024-49987: Fixed undefined behavior in qsort(NULL, 0, ...) (bsc#1232258)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2024-4157=1 openSUSE-SLE-15.6-2024-4157=1`
* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4157=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * bpftool-debugsource-6.4.0-150600.19.6.1
  * bpftool-debuginfo-6.4.0-150600.19.6.1
  * bpftool-6.4.0-150600.19.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * bpftool-debugsource-6.4.0-150600.19.6.1
  * bpftool-debuginfo-6.4.0-150600.19.6.1
  * bpftool-6.4.0-150600.19.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49987.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232258

Critical patch for bpftool is now available, mitigating CVE-2024-49987, which deals with concerns related to unpredictable behavior.

bpftool security update, SUSE patch management, CVE-2024-49987 fix.

LinuxSecurity.com Team
GLib could be made to crash or other undefined behavior if it received a specially crafted input.

==========================================================================
Ubuntu Security Notice USN-7114-1
November 18, 2024

glib2.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GLib could be made to crash or other undefined behavior if it received a specially crafted input.

Software Description:
- glib2.0: GLib library of C routines

Details:

It was discovered that Glib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  libglib2.0-0t64   2.80.0-6ubuntu3.2
  libglib2.0-bin    2.80.0-6ubuntu3.2

Ubuntu 22.04 LTS
  libglib2.0-0      2.72.4-0ubuntu2.4
  libglib2.0-bin    2.72.4-0ubuntu2.4

Ubuntu 20.04 LTS
  libglib2.0-0      2.64.6-1~ubuntu20.04.8
  libglib2.0-bin    2.64.6-1~ubuntu20.04.8

Ubuntu 18.04 LTS
  libglib2.0-0      2.56.4-0ubuntu0.18.04.9+esm4   Available with Ubuntu Pro
  libglib2.0-bin    2.56.4-0ubuntu0.18.04.9+esm4   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libglib2.0-0      2.48.2-0ubuntu4.8+esm4   Available with Ubuntu Pro
  libglib2.0-bin    2.48.2-0ubuntu4.8+esm4   Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7114-1
  CVE-2024-52533

Package Information:
  https://launchpad.net/ubuntu/+source/glib2.0/2.80.0-6ubuntu3.2

Ubuntu Security Alert USN-7115-2 emphasizes a critical GLib vulnerability leading to system instability and unpredictable behavior. Ensure to update promptly!

Ubuntu Updates, glib2.0 Advisory, Security Issue, Update Instructions.

Severity: Critical.

LinuxSecurity.com Team
Multiple security issues have been discovered in imagemagick. CVE-2020-27751

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2672-1
New upstream release 3.0.3. Fixes #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3f001ba18b
2021-05-05 01:20:25.877430
--------------------------------------------------------------------------------

Name        : pngcheck
Product     : Fedora 34
Version     : 3.0.3
Release     : 1.fc34
URL         : http://www.libpng.org/pub/png/apps/pngcheck.html
Summary     : Verifies the integrity of PNG, JNG and MNG files
Description :
pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.

The current release supports all PNG, MNG and JNG chunks, including the newly approved sTER stereo-layout chunk. It correctly reports errors in all but two of the images in Chris Nokleberg's brokensuite-20061204.

--------------------------------------------------------------------------------
Update Information:

New upstream release 3.0.3. Fixes #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 26 2021 Benjamin A. Beasley - 3.0.3-1
- New upstream release 3.0.3 (fixes #1949800)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-3f001ba18b' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Backported fix for #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior, from upstream release 3.0.3.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-eb5d6cf9f6
2021-05-05 01:04:23.530340
--------------------------------------------------------------------------------

Name        : pngcheck
Product     : Fedora 32
Version     : 2.4.0
Release     : 8.fc32
URL         : http://www.libpng.org/pub/png/apps/pngcheck.html
Summary     : Verifies the integrity of PNG, JNG and MNG files
Description :
pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.

The current release supports all PNG, MNG and JNG chunks, including the newly approved sTER stereo-layout chunk. It correctly reports errors in all but two of the images in Chris Nokleberg's brokensuite-20061204.

--------------------------------------------------------------------------------
Update Information:

Backported fix for #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior, from upstream release 3.0.3.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 26 2021 Benjamin A. Beasley - 2.4.0-8
- Backport fix for RHBZ#1949800 from upstream release 3.0.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-eb5d6cf9f6' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------