Explore top 10 tips to secure your open-source projects now. Read More
×MGASA-2026-0145 - Updated firefox & thunderbird packages fix security vulnerabilities. MGASA-2026-0145 - Updated firefox & thunderbird packages fix security vulnerabilities Publication date: 16 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0145.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-62813, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8090, CVE-2026-8092, CVE-2026-8094 Description: LZ4 compression library issue. (CVE-2025-62813) libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776) libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777) libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. (CVE-2026-32778) Use-after-free in the DOM: Networking component. (CVE-2026-8090) Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092) Another issue in the WebRTC component. (CVE-2026-8094) References: - https://bugs.mageia.org/show_bug.cgi?id=35508 - https://www.firefox.com/en-US/firefox/140.10.2/releasenotes/ - https://www.thunderbird.net/en-US/thunderbird/140.10.2esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/ - https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8090 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8092 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8094 SRPMS: - 9/core/firefox-140.10.2-1.mga9 - 9/core/firefox-l10n-140.10.2-1.mga9 - 9/core/thunderbird-140.10.2-1.mga9 -9/core/thunderbird-l10n-140.10.2-1.mga9 . Updated Firefox and Thunderbird packages address multiple security issues in Mageia 9. Critical fixes for memory safety and DTD parsing.. Firefox security patch, Mageia 9 advisory, software vulnerability fix, libexpat exploit, memory safety issues. . LinuxSecurity.com Team
An update that solves 4 vulnerabilities can now be installed.. # perl-Net-CIDR-Lite-0.240.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10780-1 Rating: moderate Cross-References: * CVE-2026-40198 * CVE-2026-40199 * CVE-2026-45190 * CVE-2026-45191 CVSS scores: * CVE-2026-40198 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-40199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-45190 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-45191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the perl-Net-CIDR-Lite-0.240.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * perl-Net-CIDR-Lite 0.240.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40198.html * https://www.suse.com/security/cve/CVE-2026-40199.html * https://www.suse.com/security/cve/CVE-2026-45190.html * https://www.suse.com/security/cve/CVE-2026-45191.html . Discover an update for perl-Net-CIDR-Lite addressing 4 moderate issues on openSUSE Tumbleweed. Act now for protection.. openSUSE update, perl-Net-CIDR-Lite, moderate security issue, Linux vulnerabilities. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # keylime-config-7.14.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10779-1 Rating: moderate Cross-References: * CVE-2026-6420 CVSS scores: * CVE-2026-6420 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L * CVE-2026-6420 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the keylime-config-7.14.2-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * keylime-config 7.14.2-1.1 * keylime-firewalld 7.14.2-1.1 * keylime-logrotate 7.14.2-1.1 * keylime-registrar 7.14.2-1.1 * keylime-tenant 7.14.2-1.1 * keylime-tpm_cert_store 7.14.2-1.1 * keylime-verifier 7.14.2-1.1 * python311-keylime 7.14.2-1.1 * python313-keylime 7.14.2-1.1 * python314-keylime 7.14.2-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6420.html . Resolve a moderate issue in keylime-config on openSUSE Tumbleweed with this latest update aimed at improving security.. openSUSE update, keylime-config security, software threat management, moderate CVSS score, security patch. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # perl-libwww-perl-6.830.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10781-1 Rating: moderate Cross-References: * CVE-2026-8368 CVSS scores: * CVE-2026-8368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-8368 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the perl-libwww-perl-6.830.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * perl-libwww-perl 6.830.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-8368.html . This advisory details a moderate security update for perl-libwww-perl on openSUSE, addressing CVE-2026-8368 risks.. openSUSE Perl Library Security Update, CVE-2026-8368, Moderate Risk Warning. . LinuxSecurity.com Team
Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in bypass of authorisation rules or rate limits, denial of service or memory disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 1.22.1-9+deb12u7.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6278-1
A vulnerability has been discovered in the Linux kernel that may lead to information leaks or local privilege escalation. For Debian 11 bullseye, this problem has been fixed in version 5.10.251-5. We recommend that you upgrade your linux packages.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4587-1
MGASA-2026-0144 - Updated dpkg packages fix security vulnerabilities. MGASA-2026-0144 - Updated dpkg packages fix security vulnerabilities Publication date: 16 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0144.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-2219 Description: It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). References: - https://bugs.mageia.org/show_bug.cgi?id=35489 - https://lists.opensuse.org/archives/list/
MGASA-2026-0143 - Updated golang packages fix security vulnerabilities. MGASA-2026-0143 - Updated golang packages fix security vulnerabilities Publication date: 16 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0143.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-27142, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289 Description: We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details. References: - https://bugs.mageia.org/show_bug.cgi?id=35181 - https://www.openwall.com/lists/oss-security/2026/05/08/20 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27139 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289 SRPMS: - 9/core/golang-1.25.10-1.mga9 . Updated golang packages in Mageia address multiple security flaws effectively. Essential patching guidance included.. Mageia advisories, golang updates, security patches. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.