ALSA-2025:7593 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow CVE-2025-27832 For more details...

Important: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

kernel: erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails

A resource leak flaw was found in the Linux kernel's EROFS filesystem. When zerofsgetextentcompressedlen fails, the corresponding meta buffer is not properly unmapped, leading to a memory leak over time...

[SECURITY] Fedora 40 Update: libxmp-4.6.2-3.fc40

Libxmp is a library that renders module files to PCM data. It supports over 90 mainstream and obscure module formats including Protracker MOD, Scream Tracker 3 S3M, Fast Tracker II XM, and Impulse Tracker IT. Many compressed module formats are supported, including popular Unix, DOS, and Amiga fil...

ALSA-2025:7524 Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: xz: XZ has a...

[SECURITY] Fedora 41 Update: xz-5.8.1-2.fc41

XZ Utils are an attempt to make LZMA compression easy to use on free as in freedom operating systems. This is achieved by providing tools and libraries which are similar to use than the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorith...

[SECURITY] Fedora 41 Update: perl-Compress-Raw-Lzma-2.212-6.fc41

This module provides a Perl interface to the lzma compression library. It is used by IO::Compress::Lzma...

[SECURITY] Fedora 40 Update: xz-5.8.1-2.fc40

XZ Utils are an attempt to make LZMA compression easy to use on free as in freedom operating systems. This is achieved by providing tools and libraries which are similar to use than the equivalents of the most popular existing compression algorithms. LZMA is a general purpose compression algorith...

The vulnerability of the f2fs_unlock_rpages() function in the fs/f2fs/compress.c module of the F2FS file system support in Linux kernel allows a malicious actor to cause a service failure.

The vulnerability of the f2fsunlockrpages function in the fs/f2fs/compress.c module of the F2FS file system support in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

qatzip bug fix update

An update is available for qatzip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list QATzip is a user space library which builds on top of the Intel QuickAssist...

Configure the Rotate Policy in rsyslog

rsyslog collects logs from the system and records them in files. logrotate copies and compresses log files periodically and quantitatively to ensure that log files do not occupy too many drive resources or even cannot be maintained. If the rotate policy is not configured for log files, they will...

SUSE CVE-2023-53144

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

CVE-2023-53144

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

CVE-2023-53144

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

UBUNTU-CVE-2023-53144

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

CVE-2023-53144 erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

PT-2025-18908 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.0-rc5 Description: A bug in the Linux kernel has been resolved, related to the erofs filesystem when using LZMA compression on HIGHMEM platforms. The issue causes a kernel NULL pointer dereference due to...

CVE-2025-27611

base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions...

CVE-2025-27611

CVE-2025-27611 is a base-x homograph attack affecting the base-x base encoder/decoder. The shared issue, present in versions 4.0.0, 5.0.0, and all prior to 3.0.11, can allow Unicode lookalike characters to bypass validation, potentially deceiving users into sending funds to an unintended address....

PT-2025-18320 · Base-X · Base-X

Name of the Vulnerable Software and Affected Versions: base-x versions prior to 3.0.11 base-x version 4.0.0 base-x version 5.0.0 Description: The issue allows attackers to potentially deceive users into sending funds to an unintended address. This is achieved through a problem in the base-x encod...