Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryfedoraimportantFedora 43 pgbouncer Essential Untrusted Search Path Security Fix Update
Update to 1.25.2.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fad57ac86d 2026-05-18 00:58:32.597423+00:00 -------------------------------------------------------------------------------- Name : pgbouncer Product : Fedora 43 Version : 1.25.2 Release : 1.fc43 URL : https://www.pgbouncer.org Summary : Lightweight connection pooler for PostgreSQL Description : pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling. -------------------------------------------------------------------------------- Update Information: Update to 1.25.2. -------------------------------------------------------------------------------- ChangeLog: * Sat May 9 2026 Simone Caronni - 1.25.2-1 - Update to 1.25.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2419513 - CVE-2025-12819 pgbouncer: Untrusted search path in auth_query connection in PgBouncer [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2419513 [ 2 ] Bug #2419514 - CVE-2025-12819 pgbouncer: Untrusted search path in auth_query connection in PgBouncer [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2419514 [ 3 ] Bug #2419515 - CVE-2025-12819 pgbouncer: Untrusted search path in auth_query connection in PgBouncer [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2419515 [ 4 ] Bug #2419516 - CVE-2025-12819 pgbouncer: Untrusted search path in auth_query connection in PgBouncer [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419516 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fad57ac86d' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 18, 2026
•Important
Fedora
91
security advisorygentooprivilege escalationGentoo: GLSA-202007-51 Normal: FileZilla Untrusted Search Path Issue
A vulnerability was found in FileZilla which might allow privilege escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-51 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FileZilla: Untrusted search path Date: July 27, 2020 Bugs: #717726 ID: 202007-51 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability was found in FileZilla which might allow privilege escalation. Background ========= FileZilla is an open source FTP client. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/filezilla < 3.47.2.1 > = 3.47.2.1 Description ========== It was discovered that FileZilla uses an untrusted search path. Impact ===== An attacker could use a malicious binary to escalate privileges. Workaround ========= There is no known workaround at this time. Resolution ========= All FileZilla users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-ftp/filezilla-3.47.2.1" References ========= [ 1 ] CVE-2019-5429 https://nvd.nist.gov/vuln/detail/CVE-2019-5429 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-51 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jul 26, 2020
Gentoo
91
security advisorygentoocode executionGentoo: GLSA-202301-15 Moderate: GIMP Untrusted Path Execution
An untrusted search path vulnerability in Blender might result in the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Blender: Untrusted search path Date: January 13, 2010 Bugs: #245310 ID: 201001-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Background ========= Blender is a 3D Creation/Animation/Publishing System. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/blender < 2.48a-r3 > = 2.48a-r3 Description ========== Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Impact ===== A local attacker could entice a user to run "blender" from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All Blender users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/blender-2.48a-r3" References ========= [ 1 ] CVE-2008-4863 https://www.cve.org/CVERecord?id=CVE-2008-4863 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201001-07 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Jan 13, 2010
Gentoo
91
security advisoryGentoosoftware updateGentoo GLSA 200904-07 Normal: Xpdf Untrusted Search Path Risk
A vulnerability in Xpdf might allow local attackers to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200904-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xpdf: Untrusted search path Date: April 07, 2009 Bugs: #242930 ID: 200904-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in Xpdf might allow local attackers to execute arbitrary code. Background ========= Xpdf is a PDF file viewer that runs under the X Window System. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/xpdf < 3.02-r2 > = 3.02-r2 Description ========== Erik Wallin reported that Gentoo's Xpdf attempts to read the "xpdfrc" file from the current working directory if it cannot find a ".xpdfrc" file in the user's home directory. This is caused by a missing definition of the SYSTEM_XPDFRC macro when compiling a repackaged version of Xpdf. Impact ===== A local attacker could entice a user to run "xpdf" from a directory containing a specially crafted "xpdfrc" file, resulting in the execution of arbitrary code when attempting to, e.g., print a file. Workaround ========= Do not run Xpdf from untrusted working directories. Resolution ========= All Xpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-text/xpdf-3.02-r2" References ========= [ 1 ] CVE-2009-1144 https://www.cve.org/CVERecord?id=CVE-2009-1144 Availability =========== This GLSA andany updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200904-07 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Apr 07, 2009
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!