Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SUSE: 2025:02231-1 moderate: valkey stack overflow and underflow

# Security update for valkey

Announcement ID: SUSE-SU-2025:02231-1
Release Date: 2025-07-07T07:50:17Z
Rating: moderate

References:
* bsc#1243061
* bsc#1243804
* bsc#1243913

Cross-References:
* CVE-2025-27151
* CVE-2025-49112

CVSS scores:
* CVE-2025-27151 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-27151 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49112 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-49112 ( SUSE ): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-49112 ( NVD ): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for valkey fixes the following issues:

* CVE-2025-27151: Absence of filename size check may cause a stack overflow (bsc#1243804).
* CVE-2025-49112: setDeferredReply integer underflow (bsc#1243913).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-2231=1 openSUSE-SLE-15.6-2025-2231=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2231=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * valkey-devel-8.0.2-150600.13.11.1
  * valkey-8.0.2-150600.13.11.1
  * valkey-debuginfo-8.0.2-150600.13.11.1
  * valkey-debugsource-8.0.2-150600.13.11.1
* openSUSE Leap 15.6 (noarch)
  * valkey-compat-redis-8.0.2-150600.13.11.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * valkey-devel-8.0.2-150600.13.11.1
  * valkey-8.0.2-150600.13.11.1
  * valkey-debuginfo-8.0.2-150600.13.11.1
  * valkey-debugsource-8.0.2-150600.13.11.1
* Server Applications Module 15-SP6 (noarch)
  * valkey-compat-redis-8.0.2-150600.13.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-27151.html
* https://www.suse.com/security/cve/CVE-2025-49112.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243061
* https://bugzilla.suse.com/show_bug.cgi?id=1243804
* https://bugzilla.suse.com/show_bug.cgi?id=1243913

SUSE issues alert for two moderate flaws in valkey software, prompting urgent action for system security maintenance.

Keywords: SUSE updates, valkey security, moderate vulnerability, software patching.

LinuxSecurity.com Team

Jul 07, 2025 | SuSE

Mageia 9 MGASA-2025-0018 moderate: raptor2 integer underflow

MGASA-2025-0018 - Updated raptor2 packages fix security vulnerability

Publication date: 20 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0018.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-57823

In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().

References:
- https://bugs.mageia.org/show_bug.cgi?id=33929
- https://www.cve.org/CVERecord?id=CVE-2024-57823

SRPMS:
- 9/core/raptor2-2.0.15-23.1.mga9

The latest raptor2 package revisions tackle the integer underflow vulnerability highlighted in Mageia advisory MGASA-2025-0018.

Keywords: raptor RDF, integer underflow, security updates, Mageia advisory, software fixes.

LinuxSecurity.com Team

Jan 20, 2025 | Mageia

SUSE: 2022:2037-1 Important Grub2 Buffer Underflow Fix Advisory

SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2037-1
Rating: important
References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198496 #1198581
Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736

CVSS scores:
CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
HPE Helion Openstack 8
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________

An update that solves 6 vulnerabilities and has three fixes is now available.

Description:

This update for grub2 fixes the following issues:

Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2037=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2037=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2037=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2037=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2037=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2022-2037=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
  grub2-snapper-plugin-2.02-137.2
  grub2-systemd-sleep-plugin-2.02-137.2
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  grub2-2.02-137.2
  grub2-debuginfo-2.02-137.2
  grub2-debugsource-2.02-137.2
  grub2-i386-pc-2.02-137.2
  grub2-x86_64-efi-2.02-137.2
  grub2-x86_64-xen-2.02-137.2
- SUSE OpenStack Cloud 8 (x86_64):
  grub2-2.02-137.2
  grub2-debuginfo-2.02-137.2
  grub2-debugsource-2.02-137.2
  grub2-i386-pc-2.02-137.2
  grub2-x86_64-efi-2.02-137.2
  grub2-x86_64-xen-2.02-137.2
- SUSE OpenStack Cloud 8 (noarch):
  grub2-snapper-plugin-2.02-137.2
  grub2-systemd-sleep-plugin-2.02-137.2
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  grub2-2.02-137.2
  grub2-debuginfo-2.02-137.2
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le):
  grub2-powerpc-ieee1275-2.02-137.2
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
  grub2-debugsource-2.02-137.2
  grub2-i386-pc-2.02-137.2
  grub2-x86_64-efi-2.02-137.2
  grub2-x86_64-xen-2.02-137.2
- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
  grub2-snapper-plugin-2.02-137.2
  grub2-systemd-sleep-plugin-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  grub2-2.02-137.2
  grub2-debuginfo-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64):
  grub2-debugsource-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le):
  grub2-powerpc-ieee1275-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64):
  grub2-arm64-efi-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
  grub2-snapper-plugin-2.02-137.2
  grub2-systemd-sleep-plugin-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
  grub2-i386-pc-2.02-137.2
  grub2-x86_64-efi-2.02-137.2
  grub2-x86_64-xen-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-LTSS (s390x):
  grub2-s390x-emu-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
  grub2-snapper-plugin-2.02-137.2
  grub2-systemd-sleep-plugin-2.02-137.2
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  grub2-2.02-137.2
  grub2-debuginfo-2.02-137.2
  grub2-debugsource-2.02-137.2
  grub2-i386-pc-2.02-137.2
  grub2-x86_64-efi-2.02-137.2
  grub2-x86_64-xen-2.02-137.2
- HPE Helion Openstack 8 (noarch):
  grub2-snapper-plugin-2.02-137.2
  grub2-systemd-sleep-plugin-2.02-137.2
- HPE Helion Openstack 8 (x86_64):
  grub2-2.02-137.2
  grub2-debuginfo-2.02-137.2
  grub2-debugsource-2.02-137.2
  grub2-i386-pc-2.02-137.2
  grub2-x86_64-efi-2.02-137.2
  grub2-x86_64-xen-2.02-137.2

References:

https://www.suse.com/security/cve/CVE-2021-3695.html
https://www.suse.com/security/cve/CVE-2021-3696.html
https://www.suse.com/security/cve/CVE-2021-3697.html
https://www.suse.com/security/cve/CVE-2022-28733.html
https://www.suse.com/security/cve/CVE-2022-28734.html
https://www.suse.com/security/cve/CVE-2022-28736.html
https://bugzilla.suse.com/1191184
https://bugzilla.suse.com/1191185
https://bugzilla.suse.com/1191186
https://bugzilla.suse.com/1193282
https://bugzilla.suse.com/1197948
https://bugzilla.suse.com/1198460
https://bugzilla.suse.com/1198493
https://bugzilla.suse.com/1198496
https://bugzilla.suse.com/1198581

SUSE has released a vital update for grub2 that tackles severe vulnerabilities, enhancing the overall protection of systems. Key information included.

Keywords: SUSE Linux, Grub2 Update, Security Fixes, Advisory Information.

Severity: Important.

LinuxSecurity.com Team

Jun 10, 2022 | Important | SuSE

Mageia: 2019-0403 Moderate: htmldoc One-Byte Underflow Vulnerability

MGASA-2019-0403 - Updated htmldoc packages fix security vulnerability

Publication date: 19 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0403.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-19630

Updated htmldoc packages fix security vulnerability:

In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang (CVE-2019-19630).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25876
- https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html
- https://www.cve.org/CVERecord?id=CVE-2019-19630

SRPMS:
- 7/core/htmldoc-1.9.3-2.1.mga7

Revised htmldoc distributions fix serious vulnerability stemming from discrepancies in mathematical operations between GCC and Clang compilers.

Keywords: htmldoc update, Mageia security, underflow issue, critical security advisory.

LinuxSecurity.com Team

Dec 19, 2019 | Mageia

Scientific Linux 6: SLSA-2019-3287-1 Critical: PHP Underflow Exploit

Synopsis: Critical: php security update
Advisory ID: SLSA-2019:3287-1
Issue Date: 2019-10-31
CVE Numbers: CVE-2019-11043

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

SL6
  x86_64
    php-5.3.3-50.el6_10.x86_64.rpm
    php-bcmath-5.3.3-50.el6_10.x86_64.rpm
    php-cli-5.3.3-50.el6_10.x86_64.rpm
    php-common-5.3.3-50.el6_10.x86_64.rpm
    php-dba-5.3.3-50.el6_10.x86_64.rpm
    php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
    php-devel-5.3.3-50.el6_10.x86_64.rpm
    php-embedded-5.3.3-50.el6_10.x86_64.rpm
    php-enchant-5.3.3-50.el6_10.x86_64.rpm
    php-fpm-5.3.3-50.el6_10.x86_64.rpm
    php-gd-5.3.3-50.el6_10.x86_64.rpm
    php-imap-5.3.3-50.el6_10.x86_64.rpm
    php-intl-5.3.3-50.el6_10.x86_64.rpm
    php-ldap-5.3.3-50.el6_10.x86_64.rpm
    php-mbstring-5.3.3-50.el6_10.x86_64.rpm
    php-mysql-5.3.3-50.el6_10.x86_64.rpm
    php-odbc-5.3.3-50.el6_10.x86_64.rpm
    php-pdo-5.3.3-50.el6_10.x86_64.rpm
    php-pgsql-5.3.3-50.el6_10.x86_64.rpm
    php-process-5.3.3-50.el6_10.x86_64.rpm
    php-pspell-5.3.3-50.el6_10.x86_64.rpm
    php-recode-5.3.3-50.el6_10.x86_64.rpm
    php-snmp-5.3.3-50.el6_10.x86_64.rpm
    php-soap-5.3.3-50.el6_10.x86_64.rpm
    php-tidy-5.3.3-50.el6_10.x86_64.rpm
    php-xml-5.3.3-50.el6_10.x86_64.rpm
    php-xmlrpc-5.3.3-50.el6_10.x86_64.rpm
    php-zts-5.3.3-50.el6_10.x86_64.rpm
  i386
    php-5.3.3-50.el6_10.i686.rpm
    php-bcmath-5.3.3-50.el6_10.i686.rpm
    php-cli-5.3.3-50.el6_10.i686.rpm
    php-common-5.3.3-50.el6_10.i686.rpm
    php-dba-5.3.3-50.el6_10.i686.rpm
    php-debuginfo-5.3.3-50.el6_10.i686.rpm
    php-devel-5.3.3-50.el6_10.i686.rpm
    php-embedded-5.3.3-50.el6_10.i686.rpm
    php-enchant-5.3.3-50.el6_10.i686.rpm
    php-fpm-5.3.3-50.el6_10.i686.rpm
    php-gd-5.3.3-50.el6_10.i686.rpm
    php-imap-5.3.3-50.el6_10.i686.rpm
    php-intl-5.3.3-50.el6_10.i686.rpm
    php-ldap-5.3.3-50.el6_10.i686.rpm
    php-mbstring-5.3.3-50.el6_10.i686.rpm
    php-mysql-5.3.3-50.el6_10.i686.rpm
    php-odbc-5.3.3-50.el6_10.i686.rpm
    php-pdo-5.3.3-50.el6_10.i686.rpm
    php-pgsql-5.3.3-50.el6_10.i686.rpm
    php-process-5.3.3-50.el6_10.i686.rpm
    php-pspell-5.3.3-50.el6_10.i686.rpm
    php-recode-5.3.3-50.el6_10.i686.rpm
    php-snmp-5.3.3-50.el6_10.i686.rpm
    php-soap-5.3.3-50.el6_10.i686.rpm
    php-tidy-5.3.3-50.el6_10.i686.rpm
    php-xml-5.3.3-50.el6_10.i686.rpm
    php-xmlrpc-5.3.3-50.el6_10.i686.rpm
    php-zts-5.3.3-50.el6_10.i686.rpm

- Scientific Linux Development Team

Important security patch for Scientific Linux tackling overflow issue in env_path_info, referenced under advisory ID SLSA-2020:4532-3.

Keywords: php security update, Scientific Linux, underflow issue, fpm_main, SL6.

Severity: Critical.

LinuxSecurity.com Team

Nov 01, 2019 | Critical | Scientific Linux

SciLinux SL7: SLSA-2019:3286-1 Critical: PHP Underflow Vulnerability

Synopsis: Critical: php security update
Advisory ID: SLSA-2019:3286-1
Issue Date: 2019-10-31
CVE Numbers: CVE-2019-11043

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

SL7
  x86_64
    php-5.4.16-46.1.el7_7.x86_64.rpm
    php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm
    php-cli-5.4.16-46.1.el7_7.x86_64.rpm
    php-common-5.4.16-46.1.el7_7.x86_64.rpm
    php-dba-5.4.16-46.1.el7_7.x86_64.rpm
    php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm
    php-devel-5.4.16-46.1.el7_7.x86_64.rpm
    php-embedded-5.4.16-46.1.el7_7.x86_64.rpm
    php-enchant-5.4.16-46.1.el7_7.x86_64.rpm
    php-fpm-5.4.16-46.1.el7_7.x86_64.rpm
    php-gd-5.4.16-46.1.el7_7.x86_64.rpm
    php-intl-5.4.16-46.1.el7_7.x86_64.rpm
    php-ldap-5.4.16-46.1.el7_7.x86_64.rpm
    php-mbstring-5.4.16-46.1.el7_7.x86_64.rpm
    php-mysql-5.4.16-46.1.el7_7.x86_64.rpm
    php-mysqlnd-5.4.16-46.1.el7_7.x86_64.rpm
    php-odbc-5.4.16-46.1.el7_7.x86_64.rpm
    php-pdo-5.4.16-46.1.el7_7.x86_64.rpm
    php-pgsql-5.4.16-46.1.el7_7.x86_64.rpm
    php-process-5.4.16-46.1.el7_7.x86_64.rpm
    php-pspell-5.4.16-46.1.el7_7.x86_64.rpm
    php-recode-5.4.16-46.1.el7_7.x86_64.rpm
    php-snmp-5.4.16-46.1.el7_7.x86_64.rpm
    php-soap-5.4.16-46.1.el7_7.x86_64.rpm
    php-xml-5.4.16-46.1.el7_7.x86_64.rpm
    php-xmlrpc-5.4.16-46.1.el7_7.x86_64.rpm

- Scientific Linux Development Team

Urgent patch released for Scientific Linux SL7 focusing on a critical buffer overflow vulnerability in PHP. Prompt action advised.

Keywords: php update, security patch, critical php fix, Scientific Linux security, SL7 php advisory.

Severity: Critical.

LinuxSecurity.com Team

Oct 31, 2019 | Critical | Scientific Linux

Mandriva 2015: 2015-9b7a6c038b Critical libjpeg8 Overflow Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-0a543024bf
2015-12-30 21:35:46.514910
--------------------------------------------------------------------------------

Name        : libpng10
Product     : Fedora 22
Version     : 1.0.66
Release     : 1.fc22
URL         : http://www.libpng.org/pub/png/libpng.html
Summary     : Old version of libpng, needed to run old binaries
Description :
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.

--------------------------------------------------------------------------------
Update Information:

An underflow read was found in png_check_keyword in libpng10. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()
        https://bugzilla.redhat.com/show_bug.cgi?id=1291312
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update libpng10' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

An update to Fedora's libpng10 addresses a critical underflow issue that could lead to out-of-bounds reads when handling PNG images.

Keywords: libpng10, Fedora Update, Security Update, Software Threats, Image Processing.

Severity: Critical.

LinuxSecurity.com Team

Dec 31, 2015 | Critical | Fedora

Fedora 23: FEDORA-2015-3868cfa17b Critical: Libpng10 Underflow Read

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-3868cfa17b
2015-12-28 19:20:02.184175
--------------------------------------------------------------------------------

Name        : libpng10
Product     : Fedora 23
Version     : 1.0.66
Release     : 1.fc23
URL         : http://www.libpng.org/pub/png/libpng.html
Summary     : Old version of libpng, needed to run old binaries
Description :
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.

--------------------------------------------------------------------------------
Update Information:

An underflow read was found in png_check_keyword in libpng10. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()
        https://bugzilla.redhat.com/show_bug.cgi?id=1291312
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update libpng10' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Critical Fedora patch released for libpng16 to rectify an overflow vulnerability in png_verify_keyword, enhancing security measures.

Keywords: Libpng10 Update, Fedora Security, PNG Image Flaw, Update Notification.

Severity: Critical.

LinuxSecurity.com Team

Dec 28, 2015 | Critical | Fedora