# Security update for zlib

Announcement ID: SUSE-SU-2026:21151-1
Release Date: 2026-04-09T11:18:30Z
Rating: moderate

References:

* bsc#1216378
* bsc#1258392

Cross-References:

* CVE-2023-45853
* CVE-2026-27171

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
* CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-502=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-502=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * minizip-devel-1.2.13-160000.3.1
  * zlib-devel-static-1.2.13-160000.3.1
  * libminizip1-1.2.13-160000.3.1
  * libz1-debuginfo-1.2.13-160000.3.1
  * zlib-devel-1.2.13-160000.3.1
  * libz1-1.2.13-160000.3.1
  * libminizip1-debuginfo-1.2.13-160000.3.1
  * zlib-debugsource-1.2.13-160000.3.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libz1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-1.2.13-160000.3.1
  * libz1-x86-64-v3-1.2.13-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * minizip-devel-1.2.13-160000.3.1
  * zlib-devel-static-1.2.13-160000.3.1
  * libminizip1-1.2.13-160000.3.1
  * libz1-debuginfo-1.2.13-160000.3.1
  * zlib-devel-1.2.13-160000.3.1
  * libz1-1.2.13-160000.3.1
  * libminizip1-debuginfo-1.2.13-160000.3.1
  * zlib-debugsource-1.2.13-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libz1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-1.2.13-160000.3.1
  * libz1-x86-64-v3-1.2.13-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45853.html
* https://www.suse.com/security/cve/CVE-2026-27171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216378
* https://bugzilla.suse.com/show_bug.cgi?id=1258392

LinuxSecurity.com Team
# Security update for python-requests

Announcement ID: SUSE-SU-2026:1218-1
Release Date: 2026-04-08T14:39:50Z
Rating: moderate

References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issues:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1218=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1218=1

## Package List:

* Public Cloud Module 12 (noarch)
  * python3-requests-2.24.0-8.26.1
  * python-requests-2.24.0-8.26.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * python-requests-2.24.0-8.26.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589
# Security update for zlib

Announcement ID: SUSE-SU-2026:20659-1
Release Date: 2026-03-09T10:25:10Z
Rating: moderate

References:

* bsc#1216378
* bsc#1258392

Cross-References:

* CVE-2023-45853
* CVE-2026-27171

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
* CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-432=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * zlib-debugsource-1.2.13-slfo.1.1_2.1
  * zlib-devel-1.2.13-slfo.1.1_2.1
  * libz1-1.2.13-slfo.1.1_2.1
  * libz1-debuginfo-1.2.13-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45853.html
* https://www.suse.com/security/cve/CVE-2026-27171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216378
* https://bugzilla.suse.com/show_bug.cgi?id=1258392
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-92fd810e1d
2025-08-19 04:44:05.202870+00:00
--------------------------------------------------------------------------------

Name        : uv
Product     : Fedora 41
Version     : 0.8.8
Release     : 1.fc41
URL         : https://github.com/astral-sh/uv
Summary     : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

• ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands.
• ⚡️ 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
• 💾 Disk-space efficient, with a global cache for dependency deduplication.
• 🐍 Installable via curl, pip, pipx, etc. uv is a static binary that can be
  installed without Rust or Python.
• 🧪 Tested at-scale against the top 10,000 PyPI packages.
• 🖥️ Support for macOS, Linux, and Windows.
• 🧰 Advanced features such as dependency version overrides and alternative
  resolution strategies.
• ⁉️ Best-in-class error messages with a conflict-tracking resolver.
• 🤝 Support for a wide range of advanced pip features, including editable
  installs, Git dependencies, direct URL dependencies, local dependencies,
  constraints, source distributions, HTML and JSON indexes, and more.

--------------------------------------------------------------------------------
Update Information:

Update uv to version 0.8.8. Update the h2 crate to version 0.4.12. The builds in
this update also address CVE-2025-54368.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 9 2025 Benjamin A. Beasley - 0.8.8-1
- Update to 0.8.8 (close RHBZ#2387194)
* Sat Aug 9 2025 Benjamin A. Beasley - 0.8.6-1
- Update to 0.8.6
* Wed Aug 6 2025 Benjamin A. Beasley - 0.8.5-1
- Update to 0.8.5 (close RHBZ#2386647)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2386891 - rust-h2-0.4.12 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2386891
[ 2 ] Bug #2387194 - uv-0.8.8 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2387194
[ 3 ] Bug #2387242 - CVE-2025-54368 uv: uv ZIP Archive Validation Vulnerability [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2387242
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-92fd810e1d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
A buffer overflow has been discovered in zip, the archiver for .zip files. When doing recursive folder compression the program did not check the resulting path length, which would lead to memory being overwritten. A malicious person could convince a user to create an archive containing a specially crafted path name, which could lead to the execution of arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 624-1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                     Gentoo Linux Security Advisory           GLSA 200411-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: zip: Path name buffer overflow
      Date: November 09, 2004
      Bugs: #70227
        ID: 200411-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

zip contains a buffer overflow when creating a ZIP archive of files with
very long path names. This could lead to the execution of arbitrary code.

Background
==========

zip is a compression and file packaging utility.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  app-arch/zip         < 2.3-r4                            >= 2.3-r4

Description
===========

zip does not check the resulting path length when doing recursive folder
compression.

Impact
======

An attacker could exploit this by enticing another user or web
application to create an archive including a specially-crafted path
name, potentially resulting in the execution of arbitrary code with the
permissions of the user running zip.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All zip users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/zip-2.3-r4"

References
==========

  [ 1 ] HexView zip Advisory

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200411-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to