Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 798 articles for you...
100
security advisorydenial of servicebuffer overflowSUSE GnuTLS Important Buffers Vulnerability Fix Advisory 2026-2366-1
An update that solves three vulnerabilities can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:2366-1 Release Date: 2026-06-11T09:12:43Z Rating: important References: * bsc#1263704 * bsc#1263705 * bsc#1263708 Cross-References: * CVE-2026-33845 * CVE-2026-33846 * CVE-2026-42009 CVSS scores: * CVE-2026-33845 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). * CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2366=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2366=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgnutls30-3.4.17-8.23.1 * libgnutls30-debuginfo-3.4.17-8.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64) * gnutls-debugsource-3.4.17-8.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libgnutls30-debuginfo-32bit-3.4.17-8.23.1 * libgnutls30-32bit-3.4.17-8.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libgnutls30-3.4.17-8.23.1 * libgnutls30-32bit-3.4.17-8.23.1 * libgnutls30-debuginfo-3.4.17-8.23.1 * libgnutls30-debuginfo-32bit-3.4.17-8.23.1 * gnutls-debugsource-3.4.17-8.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33845.html * https://www.suse.com/security/cve/CVE-2026-33846.html * https://www.suse.com/security/cve/CVE-2026-42009.html * https://bugzilla.suse.com/show_bug.cgi?id=1263704 * https://bugzilla.suse.com/show_bug.cgi?id=1263705 * https://bugzilla.suse.com/show_bug.cgi?id=1263708 . Crucial update for SUSE GnuTLS addressing multiple issues; recommended installation for system security.. SUSE GnuTLS Update, Security Patch, Important Security Advisory, SUSE Linux Enterprise. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
100
security advisorysecurity issuebuffer overflowSUSE Linux Enterprise gnutls Important Update Advisories 2026-2367-1
An update that solves four vulnerabilities can now be installed.. # Security update for gnutls Announcement ID: SUSE-SU-2026:2367-1 Release Date: 2026-06-11T09:12:53Z Rating: important References: * bsc#1263704 * bsc#1263705 * bsc#1263708 Cross-References: * CVE-2025-9820 * CVE-2026-33845 * CVE-2026-33846 * CVE-2026-42009 CVSS scores: * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33845 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for gnutls fixes the following issues * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704). * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705). * CVE-2026-42009: lib/buffers: ensure packets have differingsequence numbers (bsc#1263708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2367=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2367=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libgnutlsxx-devel-3.3.27-3.18.1 * libgnutls-openssl-devel-3.3.27-3.18.1 * libgnutls28-debuginfo-3.3.27-3.18.1 * libgnutls-openssl27-3.3.27-3.18.1 * gnutls-debugsource-3.3.27-3.18.1 * gnutls-3.3.27-3.18.1 * libgnutls28-3.3.27-3.18.1 * libgnutls-openssl27-debuginfo-3.3.27-3.18.1 * gnutls-debuginfo-3.3.27-3.18.1 * libgnutls-devel-3.3.27-3.18.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libgnutls28-debuginfo-32bit-3.3.27-3.18.1 * libgnutls28-32bit-3.3.27-3.18.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libgnutlsxx-devel-3.3.27-3.18.1 * libgnutls-openssl-devel-3.3.27-3.18.1 * libgnutls28-debuginfo-32bit-3.3.27-3.18.1 * libgnutls28-debuginfo-3.3.27-3.18.1 * libgnutls-openssl27-3.3.27-3.18.1 * gnutls-debugsource-3.3.27-3.18.1 * gnutls-3.3.27-3.18.1 * libgnutls28-3.3.27-3.18.1 * libgnutls-openssl27-debuginfo-3.3.27-3.18.1 * libgnutls28-32bit-3.3.27-3.18.1 * gnutls-debuginfo-3.3.27-3.18.1 * libgnutls-devel-3.3.27-3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9820.html * https://www.suse.com/security/cve/CVE-2026-33845.html * https://www.suse.com/security/cve/CVE-2026-33846.html * https://www.suse.com/security/cve/CVE-2026-42009.html * https://bugzilla.suse.com/show_bug.cgi?id=1263704 * https://bugzilla.suse.com/show_bug.cgi?id=1263705 *https://bugzilla.suse.com/show_bug.cgi?id=1263708 . A critical update is available to address four important security issues in gnutls, enhancing system protection for SUSE users.. SUSE security update, gnutls patch, important security issues, Linux vulnerabilities, system protection. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
203
security advisorydenial of servicebuffer overflowMageia 9 gnupg2 Important DoS Buffer Overflow Vulnerability 2026-0197
Security update. Publication date: 11 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0197.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-68973, CVE-2026-24882, CVE-2026-24883 Description: CVE-2025-68973, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. CVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. CVE-2026-24883, a long signature packet length causes parse_signature to return success with sig-> data[] set to a NULL value, leading to a denial of service (application crash). Upstream has still not fixed CVE-2025-68972. We will be tracking the solution and providing an update to fix it when possible. References: - https://bugs.mageia.org/show_bug.cgi?id=34934 - https://www.openwall.com/lists/oss-security/2025/12/28/1 - https://ubuntu.com/security/notices/USN-7946-1 - https://www.openwall.com/lists/oss-security/2026/01/27/8 - https://www.openwall.com/lists/oss-security/2026/01/27/11 - https://www.cve.org/CVERecord?id=CVE-2025-68973 - https://www.cve.org/CVERecord?id=CVE-2026-24882 - https://www.cve.org/CVERecord?id=CVE-2026-24883 SRPMS: - 9/core/gnupg2-2.3.8-1.5.mga9 . Critical Mageia security advisory for gnupg2 reveals important fixes for multiple vulnerabilities.. Mageia Security Update, gnupg2 Buffer Overflow, Mageia 9 Threats. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
Mageia
203
security advisorysecurity updateMageiaMageia 9 Erlang-Hex Core Critical Object Injection Flaw CVE-2026-0196
Security update. Publication date: 11 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0196.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-21619 Description: Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hex_api.erl, src/mix_hex_api.erl, apps/rebar/src/vendored/r3_hex_api.erl and program routines hex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4. This issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before 2.3.2; rebar3: from 3.9.1 before 3.27.0. References: - https://bugs.mageia.org/show_bug.cgi?id=35187 - https://lists.fedoraproject.org/archives/list/
Jun 11, 2026
•Important
Mageia
203
security advisoryimportantinformation disclosureMageia 9 sqlite3 Important Info Disclosure Fix CVE-2025-70873
Security update. Publication date: 11 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0195.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-70873 Description: sqlite3 shipped in Mageia 9 lacks ICU support. This update brings sqlite3-icu to allow ICU support be loaded as an optional extension. This update fixes CVE-2025-70873, an information disclosure issue. The zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file. References: - https://bugs.mageia.org/show_bug.cgi?id=35267 - https://lists.opensuse.org/archives/list/
Jun 11, 2026
•Important
Mageia
172
security advisorycriticalUbuntuUbuntu 26.04 Kylin Software Center Critical Privilege Escalation USN-8424-1
Ubuntu Kylin Software Center could be made to run programs as an administrator if it received specially crafted input via its D-Bus service.. ========================================================================== Ubuntu Security Notice USN-8424-1 June 11, 2026 ubuntu-kylin-software-center vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Ubuntu Kylin Software Center could be made to run programs as an administrator if it received specially crafted input via its D-Bus service. Software Description: - ubuntu-kylin-software-center: Software maintenance management tools Details: It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS ubuntu-kylin-software-center 4.5.77.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8424-1 https://launchpad.net/bugs/2154543 Package Information: https://launchpad.net/ubuntu/+source/ubuntu-kylin-software-center/4.5.77.1ubuntu0.1 . Ubuntu Kylin Software Center faced a critical issue allowing admin access through D-Bus, needing urgent action.. Ubuntu Kylin Security, Administrator Privilege Issue, D-Bus Service Risk. . Severity: Critical. LinuxSecurity.com Team
Jun 11, 2026
•Critical
Ubuntu
100
security advisorySuSEremote executionSUSE Linux Micro 5.5 Cockpit Important Remote Execution Issues 2026-2363-1
An update that solves four vulnerabilities can now be installed.. # Security update for cockpit Announcement ID: SUSE-SU-2026:2363-1 Release Date: 2026-06-11T06:54:19Z Rating: important References: * bsc#1257838 * bsc#1258900 * bsc#1259015 * bsc#1265040 Cross-References: * CVE-2026-25547 * CVE-2026-27606 * CVE-2026-27904 * CVE-2026-4802 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27606 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-27606 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27606 ( NVD ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27904 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27904 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27904 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4802 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4802 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4802 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves four vulnerabilities can now be installed. ## Description: This update for cockpit fixes the following issues * CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI (bsc#1265040). * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257838). * CVE-2026-27606: rollup: Arbitrary File Write via Path Traversal in Rollup 4 (bsc#1258900). * CVE-2026-27904: minimatch: nested *() extglobs can lead to regular expressions with exponential backtracking complexity and a ReDoS (bsc#1259015). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2363=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * cockpit-debugsource-298-150500.3.12.1 * cockpit-ws-298-150500.3.12.1 * cockpit-bridge-debuginfo-298-150500.3.12.1 * cockpit-debuginfo-298-150500.3.12.1 * cockpit-bridge-298-150500.3.12.1 * cockpit-ws-debuginfo-298-150500.3.12.1 * cockpit-298-150500.3.12.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * cockpit-selinux-298-150500.3.12.1 * cockpit-system-298-150500.3.12.1 * cockpit-storaged-298-150500.3.12.1 * cockpit-networkmanager-298-150500.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-27606.html * https://www.suse.com/security/cve/CVE-2026-27904.html * https://www.suse.com/security/cve/CVE-2026-4802.html * https://bugzilla.suse.com/show_bug.cgi?id=1257838 * https://bugzilla.suse.com/show_bug.cgi?id=1258900 * https://bugzilla.suse.com/show_bug.cgi?id=1259015 * https://bugzilla.suse.com/show_bug.cgi?id=1265040 . Critical security update for SUSE addressing four important vulnerabilities in cockpit, enhancing system integrity and security.. SUSE cockpit security update vulnerabilities 2026 remote execution.. Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
100
security advisorydenial of serviceSuSESUSE Linux 15-SP7 Xen Important Security Update CVE-2026-42487
An update that solves four vulnerabilities can now be installed.. # Security update for xen Announcement ID: SUSE-SU-2026:2364-1 Release Date: 2026-06-11T06:54:28Z Rating: important References: * bsc#1266952 * bsc#1266953 * bsc#1266955 Cross-References: * CVE-2026-42487 * CVE-2026-42488 * CVE-2026-42489 * CVE-2026-42490 CVSS scores: * CVE-2026-42487 ( SUSE ): 8.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-42487 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-42488 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-42488 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-42489 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-42489 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2026-42490 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-42490 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2026-42487: x86 HVM I/O port list traversal (bsc#1266952). * CVE-2026-42488: x86: mismatched mapcache metadata (bsc#1266955). * CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse (bsc#1266953). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2364=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2364=1 ## Package List: * Basesystem Module 15-SP7 (x86_64) * xen-libs-debuginfo-4.20.3_06-150700.3.41.1 * xen-tools-domU-debuginfo-4.20.3_06-150700.3.41.1 * xen-libs-4.20.3_06-150700.3.41.1 * xen-tools-domU-4.20.3_06-150700.3.41.1 * xen-debugsource-4.20.3_06-150700.3.41.1 * Server Applications Module 15-SP7 (x86_64) * xen-tools-4.20.3_06-150700.3.41.1 * xen-devel-4.20.3_06-150700.3.41.1 * xen-tools-debuginfo-4.20.3_06-150700.3.41.1 * xen-debugsource-4.20.3_06-150700.3.41.1 * xen-4.20.3_06-150700.3.41.1 * Server Applications Module 15-SP7 (noarch) * xen-tools-xendomains-wait-disk-4.20.3_06-150700.3.41.1 ## References: * https://www.suse.com/security/cve/CVE-2026-42487.html * https://www.suse.com/security/cve/CVE-2026-42488.html * https://www.suse.com/security/cve/CVE-2026-42489.html * https://www.suse.com/security/cve/CVE-2026-42490.html * https://bugzilla.suse.com/show_bug.cgi?id=1266952 * https://bugzilla.suse.com/show_bug.cgi?id=1266953 * https://bugzilla.suse.com/show_bug.cgi?id=1266955 . Install the important security update for xen to fix four vulnerabilities affecting SUSE Linux Enterprise systems.. SUSE Xen Update Security, Important Xen Patch, Linux Security Advisory. . Severity: Important. LinuxSecurity.com Team
Jun 11, 2026
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!