Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
100
security advisorybuffer overflowSuSESUSE Linux Micro 6.0 xz Important Buffer Overflow CVE-2026-34743
An update that solves one vulnerability can now be installed.. # Security update for xz Announcement ID: SUSE-SU-2026:21729-1 Release Date: 2026-05-21T12:03:45Z Rating: important References: * bsc#1261280 Cross-References: * CVE-2026-34743 CVSS scores: * CVE-2026-34743 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34743 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34743 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34743 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for xz fixes the following issue * CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-723=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * liblzma5-debuginfo-5.4.3-6.1 * xz-5.4.3-6.1 * xz-debuginfo-5.4.3-6.1 * xz-debugsource-5.4.3-6.1 * liblzma5-5.4.3-6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34743.html * https://bugzilla.suse.com/show_bug.cgi?id=1261280 . Important update for xz resolves buffer overflow CVE-2026-34743 in SUSE Linux Micro 6.0. Install recommended fixes now.. xz update,suse security,buffer overflow fix,SUSE Linux Micro 6.0,vulnerability patch. . Severity: Important. LinuxSecurity.com Team
May 22, 2026
•Important
SuSE
98
security advisoryRed HatgzipUbuntu 20.04: USN-2022-5003-02 Critical: tar Improper-File-Handling
An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: xz security update Advisory ID: RHSA-2022:4992-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4992 Issue date: 2022-06-13 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: xz-5.2.4-4.el8_2.src.rpm aarch64: xz-5.2.4-4.el8_2.aarch64.rpm xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-debugsource-5.2.4-4.el8_2.aarch64.rpm xz-devel-5.2.4-4.el8_2.aarch64.rpm xz-libs-5.2.4-4.el8_2.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm ppc64le: xz-5.2.4-4.el8_2.ppc64le.rpm xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm xz-devel-5.2.4-4.el8_2.ppc64le.rpm xz-libs-5.2.4-4.el8_2.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm s390x: xz-5.2.4-4.el8_2.s390x.rpm xz-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-debugsource-5.2.4-4.el8_2.s390x.rpm xz-devel-5.2.4-4.el8_2.s390x.rpm xz-libs-5.2.4-4.el8_2.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm x86_64: xz-5.2.4-4.el8_2.x86_64.rpm xz-debuginfo-5.2.4-4.el8_2.i686.rpm xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-debugsource-5.2.4-4.el8_2.i686.rpm xz-debugsource-5.2.4-4.el8_2.x86_64.rpm xz-devel-5.2.4-4.el8_2.i686.rpm xz-devel-5.2.4-4.el8_2.x86_64.rpm xz-libs-5.2.4-4.el8_2.i686.rpm xz-libs-5.2.4-4.el8_2.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v.8.2): aarch64: xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-debugsource-5.2.4-4.el8_2.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm ppc64le: xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm s390x: xz-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-debugsource-5.2.4-4.el8_2.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm x86_64: xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-debugsource-5.2.4-4.el8_2.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYqcmgNzjgjWX9erEAQiFmA//QvLebq6O1ElGuQbAOcMZMk+essRRYnAD dqAwMuepS7op1u9FsHmugzWZLFHLEmekR9Kq2odyzkWc5FB73+Iv9eqw4iODcZhb IkDjQbZmHRrAjZ3GC2kHP/xL9SkYyAQICvGO6kBeunG7DXrZT2C24UllhBWnl2ST PLlXIL8k8IvzViacLrR7rtMZU1IsARPdn391bB8XMCGnuzL0D4Z3ncnGCgQ3u+20 raw4ZD5EY8aNzpd3E44l0BKkxxluFM6Td2KXIcK8hIyvSqbMSuOZiJTIfFgqY5Ms tjvfZBW8WVHwAWoD/nF7Ctv8GwvFRiypZnjtiiGEzxzl8ht63J5lqo/LgaY2upZM +AIH9aUNsTlSftKUU1/qHfzWIfTz9tpzSR/IMuKsomfCuZWkTU5cU/HyXn4gYmSH +OaiD06PZDxk0pjil19FbOvn36FWCprbM/KuKFsLMK0LSUXRIpzMfjR8Ok887fqS gtxbCRUacD/EUcIoqv8paV3R3J5ozP+PFmLBqrnNOhkyJ2JkdY22fZyZoDKQIATA 2b3mW4aPxrhNj0bnTj+5PmhaxK+LnZtrYf1WVx0Tv4HZWqv2kmqClT61kvrIcU1r 1VFSn7DhVquKaHtMe7InXjP62bnla47rTHBs/zcagfnkd8T3u4ZWrS2CiH3FBbft NUeDYdX5EhQ=4jHG -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 13, 2022
•Important
Red Hat
98
security advisorysecurity fiximportantRed Hat: RHSA-2022-4995-01 Critical: xz Archive Handling Vulnerability
An update for xz is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: xz security update Advisory ID: RHSA-2022:4994-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4994 Issue date: 2022-06-13 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for xz is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip:arbitrary-file-write vulnerability 6. Package List: Red Hat Enterprise Linux BaseOS E4S (v. 8.1): Source: xz-5.2.4-4.el8_1.src.rpm aarch64: xz-5.2.4-4.el8_1.aarch64.rpm xz-debuginfo-5.2.4-4.el8_1.aarch64.rpm xz-debugsource-5.2.4-4.el8_1.aarch64.rpm xz-devel-5.2.4-4.el8_1.aarch64.rpm xz-libs-5.2.4-4.el8_1.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_1.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_1.aarch64.rpm ppc64le: xz-5.2.4-4.el8_1.ppc64le.rpm xz-debuginfo-5.2.4-4.el8_1.ppc64le.rpm xz-debugsource-5.2.4-4.el8_1.ppc64le.rpm xz-devel-5.2.4-4.el8_1.ppc64le.rpm xz-libs-5.2.4-4.el8_1.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_1.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_1.ppc64le.rpm s390x: xz-5.2.4-4.el8_1.s390x.rpm xz-debuginfo-5.2.4-4.el8_1.s390x.rpm xz-debugsource-5.2.4-4.el8_1.s390x.rpm xz-devel-5.2.4-4.el8_1.s390x.rpm xz-libs-5.2.4-4.el8_1.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_1.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_1.s390x.rpm x86_64: xz-5.2.4-4.el8_1.x86_64.rpm xz-debuginfo-5.2.4-4.el8_1.i686.rpm xz-debuginfo-5.2.4-4.el8_1.x86_64.rpm xz-debugsource-5.2.4-4.el8_1.i686.rpm xz-debugsource-5.2.4-4.el8_1.x86_64.rpm xz-devel-5.2.4-4.el8_1.i686.rpm xz-devel-5.2.4-4.el8_1.x86_64.rpm xz-libs-5.2.4-4.el8_1.i686.rpm xz-libs-5.2.4-4.el8_1.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_1.i686.rpm xz-libs-debuginfo-5.2.4-4.el8_1.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_1.i686.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYqcmc9zjgjWX9erEAQgqQRAAm/fGQamwzgXIr6dPxZTYZyCs6DLknzJE 46CLEojxVLzJKbeoFmQ8GcPLqRPM6lAl+h1aAuIb9ucQuuEPHVZHUScDt55OZPmX jeB1Tofdz5qB/BsOgKZjGnCSF2JmBSsBYTKYsj+8n4IAWchT9GZpwwqLU49LIgEv H6oyEoJCz/UhMkZRtRpPKYvJs6+EA/FVfVkZ+LzVaLde4E67pqwW9kLH0laLIED1 qszhimDN9DyqU0BZpEFK5vl2RpQkOSkxKN6BKvmAcGmM97EF2ePGyEzY+siUq9qD t8WC2D63myCPfHZMLbQSeJnfY7FSZEbEY5wvVPCVdZGPzqqzc2P5gyFkZralYSRg 021Hr0cfjI3Sz4f/Hj+MYwJzGDEAKORY/vM3mBVE1aqHFMOd4s/a3T59GnLSX0qj NFUsL+qMYnx7Esnj4Y60+/O1fR4uCdPmK1kjiDYtj7aULHRC5/eO+c4c5pLI+5wk 7RE2s1ghGKFqIXc9e4323KTPoGz9a8akBQRpafrgeVGPnWdT/PAdLQhnwN9vrv6a rrtSMoi2eQfHLZ8WYEfc6jLGdtxJED3tjXZEucGGnjrBt9vNqAFpMEvfPoBnhn6y bplL5p5/IkwZVKXK7urzdYhlObBC1MOb76E3ihYhh/TTo4/7lg437F3sfsY47OdD Lp0DiP3Y824=OTzz -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 13, 2022
•Important
Red Hat
100
security advisoryimportantsuseSUSE: 2022:616-1 Important: suse/sle15 Security Update for xz
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:616-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.25.2.52 , suse/sle15:15.4 , suse/sle15:15.4.25.2.52 Container Release : 25.2.52 Severity : important Type : security References : 1197293 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libgcrypt20-hmac-1.9.4-150400.3.1 updated - libgcrypt20-1.9.4-150400.3.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libsystemd0-249.11-150400.4.5 updated - libudev1-249.11-150400.4.5 updated - libyaml-cpp0_6-0.6.3-150400.2.1 updated - sles-release-15.4-150400.50.1 updated - suse-build-key-12.0-150000.8.22.1 updated . SUSE Container Notice alerts regardingvulnerabilities and updates for suse/sle15 impacting xz and suse-build-key components.. SUSE Container Security Update, SUSE SLE15 Patches, Important Security Advisory. . Severity: Important. LinuxSecurity.com Team
Apr 14, 2022
•Important
SuSE
100
security advisorysecurity patchsuseSUSE: 2022:600-2 Critical Update: SLES12SP5 Security Patches Applied
The container suse/sles12sp5 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:599-1 Container Tags : suse/sles12sp5:6.5.315 , suse/sles12sp5:latest Container Release : 6.5.315 Severity : important Type : security References : 1180225 1190984 1191502 1193841 1195529 1195899 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1160-1 Released: Tue Apr 12 14:49:18 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1169-1 Released: Tue Apr 12 18:19:42 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1180225,1190984,1191502,1193841,1195529,1195899 This update for systemd fixes the following issues: - Core: make sure we always free the list of changes - Install: correctly report symlink creations - Core: make sure we generate a nicer error when a linked unit is attempted to be enabled - Install: unify checking whether operations may be applied to a unit file in a new function - Install: fix errno handling - Allow 'edit' and 'cat' on unloaded units - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - systemd-coredump: allow setting external core size to infinity (bsc#1195899jsc#SLE-23869 jsc#SLE-23871) - systemctl: exit with 1 if no unit files found (bsc#1193841) - umount: show correct error message - core/umount: fix unitialized fields in MountPoint - umount: Add more asserts and remove some unused arguments, fix memory leak - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861) The following package changes have been done: - liblzma5-5.0.5-6.7.1 updated - libsystemd0-228-157.38.4 updated - libudev1-228-157.38.4 updated . SUSE Container Patch Notification for suse/sles12sp5 encompasses critical enhancements related to security vulnerabilities and overall system efficiency.. SUSE Container Update,suse/sles12sp5,xz security,systemd recommended update,security patches. . Severity: Important. LinuxSecurity.com Team
Apr 14, 2022
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!