Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
89
security advisoryfedoranetworkingFedora 44 rust-reqsign-aws-v4 Networking Stack Breaking Change Alert
Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8b59dcf44 2026-03-28 00:15:26.019955+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-aws-v4 Product : Fedora 44 Version : 3.0.0 Release : 1.fc44 URL : https://crates.io/crates/reqsign-aws-v4 Summary : AWS SigV4 signing implementation for reqsign Description : AWS SigV4 signing implementation for reqsign. -------------------------------------------------------------------------------- Update Information: Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included some breaking changes to TLS certificate verification. This update also includes updates for several of uv\u2019s Rust library dependencies. Update rust-openssl-probe to 0.2.1, including breaking changes introduced in 0.2.0, and introduce a new rust-openssl-probe0.1 compat package. Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2. Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option, added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added support for ALPN on the server side. Version 0.2.18 fixed min/maxprotocol selection fallback for very old OpenSSL versions. Add an initial package for rust-webpki-root-certs. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Benjamin A. Beasley - 3.0.0-1 - Update to version 3.0.0; Fixes RHBZ#2432776 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425802 [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425819 [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432768 [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432769 [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432770 [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432771 [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432772 [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432773 [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432774 [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432775 [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432776 [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432777 [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432779 [ 14 ]Bug #2436289 - rust-ambient-id-0.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2436289 [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437941 [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437942 [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437976 [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439752 [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450541 [ 20 ] Bug #2450582 - uv-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450582 [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format https://bugzilla.redhat.com/show_bug.cgi?id=2451103 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical update for Fedora that addresses changes to the networking stack in rust-reqsign-aws-v4 impacting certificate verification.. Fedora security advisory, rust package update, AWS SigV4 signing implementation. . Severity: Important. LinuxSecurity.com Team
Mar 28, 2026
•Important
Fedora
89
security advisoryFedoraDoSFedora 41: 2024-347164df1c critical: DoS in rust-tonic-build
Update the hyper-rustls crate to version 0.27.3. Update the reqwest crate to version 0.12.8. Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7. Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-347164df1c 2024-10-15 00:15:42.652894 -------------------------------------------------------------------------------- Name : rust-tonic-build Product : Fedora 41 Version : 0.12.3 Release : 1.fc41 URL : https://crates.io/crates/tonic-build Summary : Codegen module of tonic gRPC implementation Description : Codegen module of `tonic` gRPC implementation. -------------------------------------------------------------------------------- Update Information: Update the hyper-rustls crate to version 0.27.3. Update the reqwest crate to version 0.12.8. Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7. Update the tonic, tonic-build, and tonic-types crates to version 0.12.3. Update the tower crate to version 0.5.1 and add a compat package for version 0.4. Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 8 2024 Cristian Le - 0.12.3-1 - Update to version 0.12.3 (RHBZ#2314946) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2316020 - CVE-2024-47609 rust-tonic: Remotely exploitable DoS in Tonic `
Oct 15, 2024
•Critical
Fedora
89
security advisoryFedoracross-site scriptingFedora 36: 2022-09-09 MediaWiki Security Advisory - Critical Fixes
MediaWiki 1.37.4 This is a maintenance release of the MediaWiki 1.37 branch. Changes since MediaWiki 1.37.3 Localisation updates. (T311568) UploadBase::setTempFile() handle $tempPath being passed as null. (T311559) SpecialListFiles: user parameter isn't always present. (T311561) ImageListPager: Don't call htmlspecialchars() on null. (T311920). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-f83aec6d57 2022-09-09 11:21:56.289494 --------------------------------------------------------------------------------Name : mediawiki Product : Fedora 36 Version : 1.37.4 Release : 1.fc36 URL : https://www.mediawiki.org/wiki/MediaWiki Summary : A wiki engine Description : MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. --------------------------------------------------------------------------------Update Information: MediaWiki 1.37.4 This is a maintenance release of the MediaWiki 1.37 branch. Changes since MediaWiki 1.37.3 Localisation updates. (T311568) UploadBase::setTempFile() handle $tempPath being passed as null. (T311559) SpecialListFiles: user parameter isn't always present. (T311561) ImageListPager: Don't call htmlspecialchars() on null. (T311920) SpecialBlockList: Prevent passing null to trim(). (T311921) SpecialUserrights: Don't pass null to str_replace. (T311570) SpecialWithoutInterwiki: Don't pass null through to Title::capitalize(). (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser. (T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor. (T296435,T297669) cache: Add four fields to LinkCache::getSelectFields. MediaWiki 1.37.3 This is a security and maintenance release of the MediaWiki 1.37 branch. Changes since MediaWiki 1.37.2 Localisation updates. (T289879) Type hints for ArrayAccess and JsonSerializable. (T304783) TemplateParser: avoid warnings when called by NoLocalSettings. Rebuilt vendor with composer 2.3.3. Fix old_name in UserLogoutComplete hook. (T289879) Address some deprecations for PHP 8.1. (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update. (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs triggered. (T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1. (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage(). (T308473) SECURITY: Escape contributions-title msg for use within page title. (T311272) Call parent constructor of AddSite maintenance script first. MediaWiki: Don't eagerly initialize action name. Updated wikimedia/shellbox from v2.0.0 to v2.1.1. (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5. (T289926) Avoid passing null to trim() in SkinTemplate. (T311473) rollbackEdits: Pass user identity to RollbackPage. (T307282) Avoid passing null to strcasecmp(), for PHP 8.1. (T311551) ShellboxClientFactory::getUrl(): Check if $this-> key is null. (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode(). (T311569) FileBackend::isStoragePath() Handle being passed null. (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param. (T311678) SpecialEditWatchlist: Prevent passing null to strtolower(). (T281741) ChangeTags: Fix adding CSS classes for hidden tags. (T296642) changetags: Fix management of a '0' tag. (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null. (T303033) Handle null in ChangeTags::modifyDisplayQuery. Updated wikimedia/common-passwords from 0.3.0 to0.4.0. --------------------------------------------------------------------------------ChangeLog: * Thu Sep 1 2022 Michael Cronenworth - 1.37.4-1 - Update to 1.37.4 - --------------------------------------------------------------------------------References: [ 1 ] Bug #2101639 - MediaWiki 1.37.2 pulls in version of dependency (Parsoid 0.14.0) broken with PHP 8.1 https://bugzilla.redhat.com/show_bug.cgi?id=2101639 [ 2 ] Bug #2102955 - mediawiki-1.38.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2102955 [ 3 ] Bug #2112771 - CVE-2022-34911 mediawiki: Cross-site Scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2112771 [ 4 ] Bug #2112773 - CVE-2022-34912 mediawiki: Username not escaped in the contributions-title message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2112773 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-f83aec6d57' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Sep 09, 2022
•Critical
Fedora
89
security advisoryFedorasoftware patchFedora 33: 2021-11-25 Security Advisory For Getdata Memory Error
0.11.0, fix use after free, CVE-2021-20204. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-3b8bb26909 2021-11-25 01:04:40.275950 --------------------------------------------------------------------------------Name : getdata Product : Fedora 33 Version : 0.11.0 Release : 1.fc33 URL : Summary : Library for reading and writing dirfile data Description : The GetData Project is the reference implementation of the Dirfile Standards, a filesystem-based database format for time-ordered binary data. The Dirfile database format is designed to provide a fast, simple format for storing and reading data. --------------------------------------------------------------------------------Update Information: 0.11.0, fix use after free, CVE-2021-20204 --------------------------------------------------------------------------------ChangeLog: * Tue Nov 16 2021 Gwyn Ciesla - 0.11.0-1 - 0.11.0 - Spec cleanup. * Thu Jul 22 2021 Fedora Release Engineering - 0.10.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jan 26 2021 Fedora Release Engineering - 0.10.0-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1917635 - Memory corruption (use after free) in getdata v0.10.0 https://bugzilla.redhat.com/show_bug.cgi?id=1917635 [ 2 ] Bug #1956350 - CVE-2021-20204 getdata: Use after free in _GD_Supports() in encoding.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1956350 [ 3 ] Bug #2023520 - getdata-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2023520 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3b8bb26909' at the command line. For moreinformation, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 24, 2021
•Important
Fedora
89
security advisoryfedoracritical fixFedora 33: 2021-f3ad34aa9f Critical: User Enumeration Security Fix
**Version 3.4.49** (2021-05-19) * security **CVE-2021-21424** [Security\Core] Fix user enumeration via response body on invalid credentials (chalasr) ---- **Version 3.4.48** (2021-05-12) * security **CVE-2021-21424** [Security][Guard] Prevent user enumeration (chalasr). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-f3ad34aa9f 2021-05-28 01:10:41.955472 --------------------------------------------------------------------------------Name : php-symfony3 Product : Fedora 33 Version : 3.4.49 Release : 1.fc33 URL : https://symfony.com Summary : Symfony PHP framework (version 3) Description : Symfony PHP framework (version 3). NOTE: Does not require PHPUnit bridge. --------------------------------------------------------------------------------Update Information: **Version 3.4.49** (2021-05-19) * security **CVE-2021-21424** [Security\Core] Fix user enumeration via response body on invalid credentials (chalasr) ----**Version 3.4.48** (2021-05-12) * security **CVE-2021-21424** [Security][Guard] Prevent user enumeration (chalasr) --------------------------------------------------------------------------------ChangeLog: * Wed May 19 2021 Remi Collet - 3.4.49-1 - update to 3.4.49 * Mon May 17 2021 Remi Collet - 3.4.48-1 - update to 3.4.48 * Wed Jan 27 2021 Fedora Release Engineering - 3.4.47-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1960631 - CVE-2021-21424 php-symfony: user enumeration in authentication mechanisms [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1960631 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-f3ad34aa9f' at the command line. For more information, refer to thednf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 27, 2021
•Critical
Fedora
89
security advisoryfedoraFedoraFedora 33: FEDORA-2020-0be2d40e13 Moderate: XSS Issues Resolved
https://lists.wikimedia.org/hyperkitty/list/
Dec 26, 2020
Fedora
89
security advisoryFedorakrb5Fedora 29: krb5 Security Update FEDORA-2018-7db7ccda4d Low Severity
Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-7db7ccda4d 2018-12-24 06:06:55.202771 --------------------------------------------------------------------------------Name : krb5 Product : Fedora 29 Version : 1.16.1 Release : 22.fc29 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. --------------------------------------------------------------------------------Update Information: Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) --------------------------------------------------------------------------------ChangeLog: * Thu Dec 20 2018 Robbie Harwood - 1.16.1-22 - Remove incorrect KDC assertion (CVE-2018-20217) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-7db7ccda4d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Dec 24, 2018
•Low
Fedora
89
security advisoryFedoracritical fixFedora 26: FEDORA-2017-ee04231942 critical: Mingw-Librsvg2 Division-By-Zero
MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division- by-zero in the Gaussian blur code).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-ee04231942 2017-07-28 14:19:30.530856 --------------------------------------------------------------------------------Name : mingw-librsvg2 Product : Fedora 26 Version : 2.40.18 Release : 1.fc26 URL : https://wiki.gnome.org/Projects/LibRsvg Summary : SVG library based on cairo for MinGW Description : An SVG library based on cairo for MinGW. --------------------------------------------------------------------------------Update Information: MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mingw-librsvg2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 28, 2017
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!