Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
Does sandboxing completely stop hackers?
Loading...
Explore Latest Linux Security advisories
We found 9,991 articles for you...
100
security advisorySuSEimportantSUSE Apache Commons Important StackOverflowError Issue 2026-2642-1
An update that solves one vulnerability can now be installed.. # Security update for apache-commons-configuration2, apache-commons-text Announcement ID: SUSE-SU-2026:2642-1 Release Date: 2026-06-26T07:59:45Z Rating: important References: * bsc#1265299 Cross-References: * CVE-2026-45205 CVSS scores: * CVE-2026-45205 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45205 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for apache-commons-configuration2, apache-commons-text fixes the following issues * CVE-2026-45205: uncontrolled recursion leads to `StackOverflowError` when processing specially crafted configuration files (bsc#1265299). Changes for apache-commons-configuration2: * Upgrade to version2.15.0: * Disable include schemes http[s] by default, see AbstractFileLocationStrategy * Detect and avoid processing cycles in YAML input (YAMLConfiguration) (bsc#1265299, CVE-2026-45205) * Extend scheme validation to inner schemes of jar: URLs * Add XMLConfiguration.read(Element) * Add ConfigurationException.ConfigurationException(String, Object...) * Add ConfigurationException.ConfigurationException(Throwable, String, Object...) * Add ConversionException.ConversionException(String, Object...) * Add ConversionException.ConversionException(Throwable, String, * Add ConfigurationRuntimeException .ConfigurationRuntimeException(Throwable, String, Object...) * Fixed Bugs * Fix Apache RAT plugin console warnings * Migrate from deprecated APIs * Add org.apache.commons.configuration2.ImmutableConfiguration .entrySet() .forEach(BiConsumer ) * Add VEX entry for CVE-2025-48924 * Shared primitive variable "throwExceptionOnMissing" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.configuration2 .AbstractConfiguration] At AbstractConfiguration.java: [line 1493] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Shared primitive variable "forceSingleLine" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.configuration2 .PropertiesConfigurationLayout] At PropertiesConfigurationLayout.java:[line 821] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * CONFIGURATION-849: Fix undoubling of strings * CONFIGURATION-852: Mark the package jakarta.servlet.* import as optional in OSGi * Fix build [WARNING] Parameter 'forkMode' is unknown for plugin 'maven- surefire-plugin:3.5.3:test (default-test)' * New features: * Add PrefixedKeysIterator.toString() to package-private PrefixedKeysIterator * CONFIGURATION-836: New web configurations using the jakarta.servlet namespace are now available * CONFIGURATION-836: Add org.apache.commons.configuration2.web .JakartaServletConfiguration .JakartaServletContextConfiguration .JakartaServletFilterConfiguration .JakartaServletRequestConfiguration * Add org.apache.commons.configuration2 .AbstractHierarchicalConfiguration.getKeysInternal(String, String) * Fixed Bugs: * PropertyConverter.to(Class, Object, DefaultConversionHandler) doesn't convert custom java.lang.Number subclasses * DefaultConversionHandler.convertValue(Object, Class, ConfigurationInterpolator) doesn't convert custom java.lang .Number subclasses * DefaultConversionHandler.to(Object, Class, * CONFIGURATION-848: SubsetConfiguration does not account for delimiters as it did in 2.9.0 * CONFIGURATION-848: CompositeConfiguration does not account for * Describe the security model * De-emphasize the 1.x version line on the website * CONFIGURATION-851: HomeDirectoryLocationStrategy no longer resolves the user HOME directory correctly * CONFIGURATION-844: Add support for empty sections * Add ImmutableConfiguration.containsValue(Object) * Fail-fast with a NullPointerException if DataConfiguration .DataConfiguration(Configuration) is called with null * Fail-fast with a NullPointerException if XMLPropertiesConfiguration.XMLPropertiesConfiguration(Element) is called with null * Fail-fast with a NullPointerException if a SubsetConfiguration constructor is called with a null Configuration * CONFIGURATION-843: Methods should not be empty * Guard MapConfiguration against null maps AppletConfiguration(Applet) is called with null ServletConfiguration(Servlet) is called with null ServletConfiguration(ServletConfig) is called with null ServletContextConfiguration(Servlet) is called with null ServletContextConfiguration(ServletContext) is called with null ServletFilterConfiguration(FilterConfig) is called with null ServletRequestConfiguration(ServletRequest) is called with null * Deprecate DatabaseConfiguration.getDatasource() in favor of getDataSource() * Fix PMDDynamicCombinedConfiguration in AbstractImmutableNodeHandler AbstractListDelimiterHandler DefaultPrefixLookupsHolder DynamicCombinedConfiguration PropertiesConfiguration * CONFIGURATION-846: Restore previous behavior allowing Spring to inject multiple values * CONFIGURATION-847: Property with an empty string value was not processed Changes for apache-commons-text: * Upgrade to version 1.15.0 * New features * Add experimental CycloneDX VEX file * TEXT-235: Add Damerau-Levenshtein distance * Add unit tests to increase coverage * Add new test for CharSequenceTranslator#with() * Add tests and assertions to org.apache.commons.text.similarity to get to 100% code coverage * Fixed Bugs * Fix exception message typo in XmlStringLookup .XmlStringLookup(Map, Path...) * TEXT-236: Inserting at the end of a TextStringBuilder throws a StringIndexOutOfBoundsException * Fix TextStringBuilderTest.testAppendToCharBuffer() to use proper argument type * Fix Apache RAT plugin console warnings * Fix site XML to use version 2.0.0 XML schema * Removed unreachable threshold verification code in src/main/java/org/apache/commons/text/similarity * Enable secure processing for the XML parser in XmlStringLookup in case the underlying JAXP implementation doesn't * Interface StringLookup now extends UnaryOperator * Interface TextRandomProvider extends IntUnaryOperator * Add RandomStringGenerator.Builder .usingRandom(IntUnaryOperator) * Add PMD check to default Maven goal * Add org.apache.commons.text.RandomStringGenerator.Builder .setAccumulate(boolean) * Fix PMD UnnecessaryFullyQualifiedName in StringLookupFactory * Fix PMD UnnecessaryFullyQualifiedName in DefaultStringLookupsHolder PropertiesStringLookup JavaPlatformStringLookup * Fix PMD UnnecessaryFullyQualifiedName in StringSubstitutor * Fix PMD UnnecessaryFullyQualifiedName in StrSubstitutor * Fix PMD UnnecessaryFullyQualifiedName in AlphabetConverter * Fix PMDAvoidBranchingStatementAsLastInLoop in TextStringBuilder * Fix PMD AvoidBranchingStatementAsLastInLoop in StrBuilder * org.apache.commons.text.translate.LookupTranslator .LookupTranslator(Map CharSequence> ) now throws NullPointerException instead of java.security.InvalidParameterException * Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80) * Deprecate EntityArrays.EntityArrays() * StringLookupFactory.DefaultStringLookupsHolder .createDefaultStringLookups() maps DefaultStringLookup .LOCAL_HOST twice instead of once for LOCAL_HOST and LOOPBACK_ADDRESS * Add StringLookupFactory.loopbackAddressStringLookup() * Add StringLookupFactory.KEY_LOOPBACK_ADDRESS * Add DefaultStringLookup.LOOPBACK_ADDRESS * Add richer inputs in package org.apache.commons.text .similarity with SimilarityInput * Add HammingDistance.apply(SimilarityInput, SimilarityInput) * Add JaccardDistance.apply(SimilarityInput, SimilarityInput) * Add JaccardSimilarity.apply(SimilarityInput, SimilarityInput) * Add JaroWinklerDistance.apply(SimilarityInput, SimilarityInput) * Add JaroWinklerSimilarity.apply(SimilarityInput, * Add LevenshteinDetailedDistance.apply(SimilarityInput, * Add LevenshteinDistance.apply(SimilarityInput, * Fix build on Java 22 * Fix build on Java 23-ea * Make package-private constructor private: StrLookup.MapStrLookup.MapStrLookup(Map) * Make package-private constructor private: StrLookup .SystemPropertiesStrLookup.SystemPropertiesStrLookup() * Make package-private class private and final: MapStrLookup * Make package-private class private: StrMatcher.CharMatcher * Make package-private class private: StrMatcher.CharSetMatcher * Make package-private class private: StrMatcher.NoMatcher * Make package-private class private: StrMatcher.StringMatcher * Make package-private class private: StrMatcher.TrimMatcher *Make package-private class private and final: IntersectionSimilarity.BagCount IntersectionSimilarity.TinyCount * Deprecate LevenshteinDistance.LevenshteinDistance() in favor of LevenshteinDistance.getDefaultInstance() * Deprecate LevenshteinDetailedDistance .LevenshteinDetailedDistance() in favor of LevenshteinDetailedDistance.getDefaultInstance() * TEXT-234: Improve StrBuilder documentation for new line text * TEXT-234: Improve TextStringBuilder documentation for new line text * TEXT-233: Required OSGi Import-Package version numbers in MANIFEST.MF * Add StringLookupFactory.fileStringLookup(Path...) and deprecated fileStringLookup() * Add StringLookupFactory.propertiesStringLookup(Path...) and deprecated propertiesStringLookup() * Add StringLookupFactory.xmlStringLookup(Map, Path...) and deprecated xmlStringLookup() and xmlStringLookup(Map) * Add StringLookupFactory.builder() for fencing Path resolution of the file, properties and XML lookups * Add DoubleFormat.Builder.get() as Builder now implements Supplier * TEXT-232: WordUtils.containsAllWords?() may throw PatternSyntaxException * TEXT-175: Fix regression for determining whitespace in WordUtils * Deprecate Builder in favor of Supplier * TEXT-224: Set SecureProcessing feature in XmlStringLookup by default * TEXT-224: Add StringLookupFactory.xmlStringLookup(Map ...) * Add @FunctionalInterface to FormatFactory * Add RandomStringGenerator.builder() * TEXT-229: Add XmlEncoderStringLookup/XmlDecoderStringLookup * Add StringSubstitutor.toString() * TEXT-219: Fix StringTokenizer.getTokenList to return an independent modifiable list * Fix Javadoc for StringEscapeUtils.escapeHtml4 * TextStringBuidler#hashCode() allocates a String on each call * TEXT-221: Fix Bundle-SymbolicName to use the package name org.apache.commons.text * Add and use a package-private singleton for RegexTokenizer * Add and use a package-private singleton for CosineSimilarity * Add and use a package-privatesingleton for LongestCommonSubsequence JaroWinklerSimilarity * Add and use a package-private singleton for JaccardSimilarity * [StepSecurity] ci: Harden GitHub Actions * Improve AlphabetConverter Javadoc * Fix exception message in IntersectionResult to make set-theoretic sense * Add null-check in RandomStringGenerator#Builder#selectFrom() to avoid NullPointerException * Add null-check in RandomStringGenerator#Builder#withinRange() * TEXT-228: Fix TextStringBuilder to over-allocate when ensuring capacity * Constructor for ResourceBundleStringLookup should be private instead of package-private * Constructor for UrlDecoderStringLookup should be private * Constructor for UrlEncoderStringLookup should be private * TEXT-230: Javadoc of org.apache.commons.text.lookup .DefaultStringLookup.XML is incorrect * Update DoubleFormat to state it is based on Double.toString ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2642=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2642=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2642=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2642=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2642=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2642=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2642=1 * SUSE Linux Enterprise High PerformanceComputing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2642=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2642=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2642=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2642=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * Development Tools Module 15-SP7 (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 *SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apache-commons-text-1.15.0-150200.5.14.1 * apache-commons-configuration2-2.15.0-150200.5.11.1 ## References: * https://www.suse.com/security/cve/CVE-2026-45205.html * https://bugzilla.suse.com/show_bug.cgi?id=1265299 . The update addresses crucial security issues in Apache Commons with respectful recommendations for installation and patches.. SUSE System Update Security Patch Apache Commons. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
SuSE
219
security advisorydenial of servicesecurity updateRocky Linux 10 Buildah Important Denial of Service Update RLSA-2026-29195
Important: buildah security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29195", "synopsis": "Important: buildah security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for buildah.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}],"cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-26T12:05:00.179765Z", "rpms": {"Rocky Linux 10": {"nvras": ["buildah-2:1.43.1-2.el10_2.src.rpm", "buildah-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-2:1.43.1-2.el10_2.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-2:1.43.1-2.el10_2.s390x.rpm", "buildah-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.s390x.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x.rpm","buildah-debugsource-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-2:1.43.1-2.el10_2.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important buildah security update for Rocky Linux 10 addressing multiple denial of service issues with CVE-2026-25679 and others.. buildah security, Rocky Linux update, security issues, denial of service, security advisories. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
Rocky Linux
219
security advisorymoderatesecurity issueRocky Linux 10 RLSA-2026-29980 golang Moderate Input Injection Fix
Moderate: golang security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29980", "synopsis": "Moderate: golang security, bug fix, and enhancement update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for golang.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net/textproto: golang: Golang net/textproto: Misleading error messages via input injection (CVE-2026-42507)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Go to version 1.26.4+1 [rhel-10.2.z] (JIRA:Rocky Linux-183347)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2484205", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205", "description": ""}], "cves": [{"name": "CVE-2026-42507", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42507", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-117"}], "references": [], "publishedAt": "2026-06-26T12:05:00.179765Z", "rpms": {"Rocky Linux 10": {"nvras": ["golang-bin-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-race-0:1.26.4-1.el10_2.aarch64.rpm", "go-toolset-0:1.26.4-1.el10_2.aarch64.rpm", "golang-race-0:1.26.4-1.el10_2.x86_64.rpm", "go-toolset-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-race-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-bin-0:1.26.4-1.el10_2.s390x.rpm", "golang-misc-0:1.26.4-1.el10_2.noarch.rpm", "golang-docs-0:1.26.4-1.el10_2.noarch.rpm", "golang-0:1.26.4-1.el10_2.s390x.rpm", "golang-bin-0:1.26.4-1.el10_2.aarch64.rpm","go-toolset-0:1.26.4-1.el10_2.s390x.rpm", "golang-0:1.26.4-1.el10_2.aarch64.rpm", "golang-0:1.26.4-1.el10_2.x86_64.rpm", "golang-0:1.26.4-1.el10_2.ppc64le.rpm", "golang-bin-0:1.26.4-1.el10_2.x86_64.rpm", "golang-tests-0:1.26.4-1.el10_2.noarch.rpm", "go-toolset-0:1.26.4-1.el10_2.x86_64.rpm", "golang-race-0:1.26.4-1.el10_2.s390x.rpm", "golang-src-0:1.26.4-1.el10_2.noarch.rpm", "golang-0:1.26.4-1.el10_2.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 10 offers a moderate security fix for golang addressing misleading error messages. Update recommended!. golang security, Rocky Linux 10, security issues. . Severity: moderate. LinuxSecurity.com Team
Jun 26, 2026
•moderate
Rocky Linux
219
security advisorydenial of servicecode executionRocky Linux nginx Important Code Exec DoS Risk RLSA-2026-29874
Important: nginx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29874", "synopsis": "Important: nginx security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nginx.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: ngx_http_rewrite_module: code execution and denial of service (CVE-2026-9256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2480746", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480746", "description": ""}], "cves": [{"name": "CVE-2026-9256", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9256", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-122"}], "references": [], "publishedAt": "2026-06-26T12:05:00.179765Z", "rpms": {"Rocky Linux 10": {"nvras": ["nginx-2:1.26.3-6.el10_2.4.src.rpm", "nginx-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-core-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-core-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-devel-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-mail-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-core-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-stream-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-filesystem-2:1.26.3-6.el10_2.4.noarch.rpm", "nginx-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-http-perl-2:1.26.3-6.el10_2.4.x86_64.rpm","nginx-mod-http-image-filter-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-http-image-filter-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-mail-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-stream-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-perl-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-stream-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-debugsource-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-all-modules-2:1.26.3-6.el10_2.4.noarch.rpm", "nginx-mod-http-perl-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-http-perl-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-mail-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-http-image-filter-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-debugsource-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-debugsource-2:1.26.3-6.el10_2.4.s390x.rpm","nginx-mod-http-xslt-filter-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-http-image-filter-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-debuginfo-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-core-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-devel-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-core-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-stream-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-core-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-mod-devel-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-debuginfo-2:1.26.3-6.el10_2.4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-mail-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-core-2:1.26.3-6.el10_2.4.ppc64le.rpm", "nginx-mod-devel-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-debugsource-2:1.26.3-6.el10_2.4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-6.el10_2.4.s390x.rpm", "nginx-core-2:1.26.3-6.el10_2.4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Addressing an important nginx security update impacting Rocky Linux 10. Ensure safety against potential exploits now.. Rocky Linux update, nginx security patch, server protection, denial of service, code execution. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
Rocky Linux
219
security advisorydenial of servicenetwork securityRocky Linux 9 RLSA-2026-29703 Important Denial of Service in plugins
Important: containernetworking-plugins security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29703", "synopsis": "Important: containernetworking-plugins security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for containernetworking-plugins.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["containernetworking-plugins-1:1.9.0-3.el9_8.aarch64.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.ppc64le.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.s390x.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.src.rpm", "containernetworking-plugins-1:1.9.0-3.el9_8.x86_64.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.aarch64.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.ppc64le.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.s390x.rpm", "containernetworking-plugins-debuginfo-1:1.9.0-3.el9_8.x86_64.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.aarch64.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.ppc64le.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.s390x.rpm", "containernetworking-plugins-debugsource-1:1.9.0-3.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}.Rocky Linux provides an important security update for containernetworking-plugins impacting network connectivity of containers.. Rocky Linux Security Update, containernetworking-plugins Fix, Important Linux Security. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
Rocky Linux
219
security advisoryimportantinformation disclosureRocky Linux Thunderbird Essential Measures for Various CVEs RLSA-2026-29940
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29940", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n\n* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR140.12 (CVE-2026-12310)\n\n* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n\n* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n\n* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n\n* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n\n* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n\n* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2489207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207", "description": ""}, {"ticket": "2489208", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208", "description": ""},{"ticket": "2489209", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209", "description": ""}, {"ticket": "2489210", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210", "description": ""}, {"ticket": "2489211", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211", "description": ""}, {"ticket": "2489212", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212", "description": ""}, {"ticket": "2489214", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214", "description": ""}, {"ticket": "2489215", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215", "description": ""}, {"ticket": "2489217", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217", "description": ""}, {"ticket": "2489218", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218", "description": ""}, {"ticket": "2489220", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220", "description": ""}, {"ticket": "2489221", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221", "description": ""}, {"ticket": "2489223", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223", "description": ""}, {"ticket": "2489224", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224", "description": ""}, {"ticket": "2489225", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225", "description": ""}, {"ticket": "2489226", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226", "description": ""}, {"ticket": "2489229", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229", "description": ""}, {"ticket": "2489231", "sourceBy":"Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231", "description": ""}, {"ticket": "2489232", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232", "description": ""}, {"ticket": "2489233", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233", "description": ""}, {"ticket": "2489234", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234", "description": ""}, {"ticket": "2489235", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235", "description": ""}, {"ticket": "2489236", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236", "description": ""}, {"ticket": "2489237", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237", "description": ""}, {"ticket": "2489239", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239", "description": ""}, {"ticket": "2489240", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240", "description": ""}, {"ticket": "2489243", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243", "description": ""}, {"ticket": "2489244", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244", "description": ""}, {"ticket": "2489248", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248", "description": ""}], "cves": [{"name": "CVE-2026-12289", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12289", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12290", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12290", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5","cwe": "CWE-823"}, {"name": "CVE-2026-12291", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12291", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12292", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12292", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-12294", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12294", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12295", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12295", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12296", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12296", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-403"}, {"name": "CVE-2026-12297", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12297", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12298", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12298", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-843"}, {"name": "CVE-2026-12299", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-733"}, {"name": "CVE-2026-12302", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12302", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12304", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12304", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-346"}, {"name": "CVE-2026-12305", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12305", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12306", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12306", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12307", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12307", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12309", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12309", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12310", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12310", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12311", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12311", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-243"}, {"name": "CVE-2026-12312", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12312", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12313", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12313", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-403"}, {"name": "CVE-2026-12314", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12314", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12315", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12315", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-807"}, {"name": "CVE-2026-12324", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12324", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-12325", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12325", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-1286"}, {"name": "CVE-2026-12327", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12327", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12328", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12328", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12329","sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12329", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-12330", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12330", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-131"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["thunderbird-0:140.12.0-1.el9_8.aarch64.rpm", "thunderbird-0:140.12.0-1.el9_8.ppc64le.rpm", "thunderbird-0:140.12.0-1.el9_8.s390x.rpm", "thunderbird-0:140.12.0-1.el9_8.src.rpm", "thunderbird-0:140.12.0-1.el9_8.x86_64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.aarch64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.ppc64le.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.s390x.rpm", "thunderbird-debuginfo-0:140.12.0-1.el9_8.x86_64.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.aarch64.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.ppc64le.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.s390x.rpm", "thunderbird-debugsource-0:140.12.0-1.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the important thunderbird security update for Rocky Linux, addressing multiple critical issues and vulnerabilities.. thunderbird security update, rocky linux vulnerabilities, sandbox escape issues, memory safety fixes. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
Rocky Linux
219
security advisorydenial of servicepatchRocky Linux 9 RLSA-2026-29455 Buildah Important Denial of Service
Important: buildah security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29455", "synopsis": "Important: buildah security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for buildah.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters (CVE-2026-39829)\n\n* golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses (CVE-2026-39830)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333","description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}, {"ticket": "2480681", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681", "description": ""}, {"ticket": "2480684", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}, {"name": "CVE-2026-39829", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39829", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1284"}, {"name": "CVE-2026-39830", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39830", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-772"}], "references": [],"publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["buildah-2:1.43.1-2.el9_8.aarch64.rpm", "buildah-2:1.43.1-2.el9_8.ppc64le.rpm", "buildah-2:1.43.1-2.el9_8.s390x.rpm", "buildah-2:1.43.1-2.el9_8.src.rpm", "buildah-2:1.43.1-2.el9_8.x86_64.rpm", "buildah-debuginfo-2:1.43.1-2.el9_8.aarch64.rpm", "buildah-debuginfo-2:1.43.1-2.el9_8.ppc64le.rpm", "buildah-debuginfo-2:1.43.1-2.el9_8.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el9_8.x86_64.rpm", "buildah-debugsource-2:1.43.1-2.el9_8.aarch64.rpm", "buildah-debugsource-2:1.43.1-2.el9_8.ppc64le.rpm", "buildah-debugsource-2:1.43.1-2.el9_8.s390x.rpm", "buildah-debugsource-2:1.43.1-2.el9_8.x86_64.rpm", "buildah-tests-2:1.43.1-2.el9_8.aarch64.rpm", "buildah-tests-2:1.43.1-2.el9_8.ppc64le.rpm", "buildah-tests-2:1.43.1-2.el9_8.s390x.rpm", "buildah-tests-2:1.43.1-2.el9_8.x86_64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el9_8.aarch64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el9_8.ppc64le.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el9_8.s390x.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important buildah security update for Rocky Linux enhances container image security and resolves several denial of service issues.. Rocky Linux buildah security important update denial of service. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
Rocky Linux
219
security advisorydenial of serviceimportantRocky Linux 9 Runc Important Denial of Service Update RLSA-2026-29702
Important: runc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29702", "synopsis": "Important: runc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for runc.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5","cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["runc-4:1.4.2-2.el9_8.aarch64.rpm", "runc-4:1.4.2-2.el9_8.ppc64le.rpm", "runc-4:1.4.2-2.el9_8.s390x.rpm", "runc-4:1.4.2-2.el9_8.src.rpm", "runc-4:1.4.2-2.el9_8.x86_64.rpm", "runc-debuginfo-4:1.4.2-2.el9_8.aarch64.rpm", "runc-debuginfo-4:1.4.2-2.el9_8.ppc64le.rpm", "runc-debuginfo-4:1.4.2-2.el9_8.s390x.rpm", "runc-debuginfo-4:1.4.2-2.el9_8.x86_64.rpm", "runc-debugsource-4:1.4.2-2.el9_8.aarch64.rpm", "runc-debugsource-4:1.4.2-2.el9_8.ppc64le.rpm", "runc-debugsource-4:1.4.2-2.el9_8.s390x.rpm", "runc-debugsource-4:1.4.2-2.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the important runc security update for Rocky Linux 9, addressing serious vulnerabilities including Denial of Service.. Rocky Linux runc Update security important. . Severity: Important. LinuxSecurity.com Team
Jun 26, 2026
•Important
Rocky Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
Does sandboxing completely stop hackers?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!