An update that solves one vulnerability and has one security fix can now be installed.. # Security update for python311 Announcement ID: SUSE-SU-2026:2723-1 Release Date: 2026-07-01T18:09:22Z Rating: moderate References: * bsc#1258364 * bsc#1261970 Cross-References: * CVE-2026-3446 CVSS scores: * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for python311 fixes the following issues: Security issues fixed: * CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). Other updates and bugfixes: * Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real `python3` packages and its subpackages instead of the virtual provides (bsc#1258364). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-2723=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2723=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586ppc64le s390x x86_64) * python311-core-debugsource-3.11.15-150400.9.88.1 * python311-testsuite-3.11.15-150400.9.88.1 * python311-curses-debuginfo-3.11.15-150400.9.88.1 * python311-doc-devhelp-3.11.15-150400.9.88.1 * python311-dbm-3.11.15-150400.9.88.1 * python311-testsuite-debuginfo-3.11.15-150400.9.88.1 * python311-idle-3.11.15-150400.9.88.1 * python311-debugsource-3.11.15-150400.9.88.1 * python311-tools-3.11.15-150400.9.88.1 * libpython3_11-1_0-3.11.15-150400.9.88.1 * python311-base-3.11.15-150400.9.88.1 * python311-doc-3.11.15-150400.9.88.1 * python311-curses-3.11.15-150400.9.88.1 * python311-devel-3.11.15-150400.9.88.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.88.1 * python311-3.11.15-150400.9.88.1 * python311-tk-debuginfo-3.11.15-150400.9.88.1 * python311-tk-3.11.15-150400.9.88.1 * python311-dbm-debuginfo-3.11.15-150400.9.88.1 * python311-debuginfo-3.11.15-150400.9.88.1 * python311-base-debuginfo-3.11.15-150400.9.88.1 * openSUSE Leap 15.4 (x86_64) * libpython3_11-1_0-32bit-debuginfo-3.11.15-150400.9.88.1 * python311-32bit-debuginfo-3.11.15-150400.9.88.1 * python311-base-32bit-debuginfo-3.11.15-150400.9.88.1 * python311-32bit-3.11.15-150400.9.88.1 * libpython3_11-1_0-32bit-3.11.15-150400.9.88.1 * python311-base-32bit-3.11.15-150400.9.88.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpython3_11-1_0-64bit-debuginfo-3.11.15-150400.9.88.1 * python311-base-64bit-debuginfo-3.11.15-150400.9.88.1 * python311-64bit-3.11.15-150400.9.88.1 * libpython3_11-1_0-64bit-3.11.15-150400.9.88.1 * python311-64bit-debuginfo-3.11.15-150400.9.88.1 * python311-base-64bit-3.11.15-150400.9.88.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-base-3.11.15-150400.9.88.1 * python311-3.11.15-150400.9.88.1 * libpython3_11-1_0-3.11.15-150400.9.88.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3446.html *https://bugzilla.suse.com/show_bug.cgi?id=1258364 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 . An important python311 update for openSUSE addresses CVE-2026-3446 with a moderate severity rating.. openSUSE python311 security python update CVE-2026-3446. . LinuxSecurity.com Team
Important: php:7.4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:34354", "synopsis": "Important: php:7.4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, module.php-pecl-xdebug, php-pecl-rrd, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468560", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468560", "description": ""}, {"ticket": "2468561", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468561", "description": ""}, {"ticket": "2468562", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468562", "description": ""}, {"ticket": "2468563","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468563", "description": ""}, {"ticket": "2468565", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468565", "description": ""}, {"ticket": "2468566", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468566", "description": ""}], "cves": [{"name": "CVE-2026-6722", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.7", "cwe": "CWE-825"}, {"name": "CVE-2026-6735", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-79"}, {"name": "CVE-2026-7258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-839"}, {"name": "CVE-2026-7261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-825"}, {"name": "CVE-2026-7262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2026-7568", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-07-02T00:01:04.334825Z", "rpms": {"Rocky Linux 8": {"nvras": ["apcu-panel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.noarch.rpm","apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm","php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm","php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm","php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important updates for PHP affecting Rocky Linux 8 include security fixes for remote code execution and denial of service issues.. PHP security updates, Rocky Linux security, Remote Code Execution, Denial of Service. . LinuxSecurity.com Team
Important: php:7.4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:34354", "synopsis": "Important: php:7.4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, module.php-pecl-xdebug, php-pecl-rrd, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468560", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468560", "description": ""}, {"ticket": "2468561", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468561", "description": ""}, {"ticket": "2468562", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468562", "description": ""}, {"ticket": "2468563","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468563", "description": ""}, {"ticket": "2468565", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468565", "description": ""}, {"ticket": "2468566", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468566", "description": ""}], "cves": [{"name": "CVE-2026-6722", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.7", "cwe": "CWE-825"}, {"name": "CVE-2026-6735", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-79"}, {"name": "CVE-2026-7258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-839"}, {"name": "CVE-2026-7261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-825"}, {"name": "CVE-2026-7262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2026-7568", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-07-02T00:01:04.334825Z", "rpms": {"Rocky Linux 8": {"nvras": ["apcu-panel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.noarch.rpm","apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm","php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm","php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm","php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Essential PHP security updates for Rocky Linux address critical vulnerabilities affecting systems. Ensure your installation is protected.. Rocky Linux PHP security update, critical PHP vulnerabilities, PHP remote code execution, server security advisory, PHP denial of service. . LinuxSecurity.com Team
Important: php:7.4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:34354", "synopsis": "Important: php:7.4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, module.php-pecl-xdebug, php-pecl-rrd, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468560", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468560", "description": ""}, {"ticket": "2468561", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468561", "description": ""}, {"ticket": "2468562", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468562", "description": ""}, {"ticket": "2468563","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468563", "description": ""}, {"ticket": "2468565", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468565", "description": ""}, {"ticket": "2468566", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468566", "description": ""}], "cves": [{"name": "CVE-2026-6722", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "7.7", "cwe": "CWE-825"}, {"name": "CVE-2026-6735", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-79"}, {"name": "CVE-2026-7258", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-839"}, {"name": "CVE-2026-7261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-825"}, {"name": "CVE-2026-7262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2026-7568", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-07-02T00:01:04.334825Z", "rpms": {"Rocky Linux 8": {"nvras": ["apcu-panel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.noarch.rpm","apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-devel-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "libzip-tools-0:1.6.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm", "php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm","php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm","php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.src.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-0:1.18.2-1.module+el8.10.0+1604+6558efc7.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm","php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1604+6558efc7.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm", "php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical updates for php in Rocky Linux 8 addressing remote execution and denial of service vulnerabilities.. Rocky Linux Security, PHP Updates, PHP Vulnerabilities, Remote Code Execution, Denial of Service. . LinuxSecurity.com Team
The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild. The 7.0.14 stable kernel update contains a number of important fixes across the tree.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-35e2185559 2026-07-02 01:07:29.332059+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.0.14 Release : 101.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild. The 7.0.14 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Justin M. Forbes [7.0.14-1] - ipv6: account for fraggap on the paged allocation path (Wongi Lee) - ipv4: account for fraggap on the paged allocation path (Wongi Lee) * Sat Jun 27 2026 Justin M. Forbes [7.0.14-0] - Revert "Input: rmi4 - remove the need for artificial IRQ in case of HID" (Justin M. Forbes) - Linux v7.0.14 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-35e2185559' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942) Fix qt icon. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0ed2011b62 2026-07-02 01:07:29.332055+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 43 Version : 4.1.3 Release : 1.fc43 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942) Fix qt icon -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Gwyn Ciesla - 4.1.3-1 - 4.1.3 * Sat Jun 20 2026 Ryan Nosurname - 4.1.2-3 - Remove unnecessary Qt icon rename * Fri Jun 12 2026 Yaakov Selkowitz - 4.1.2-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2447219 - transmission-qt has no icon https://bugzilla.redhat.com/show_bug.cgi?id=2447219 [ 2 ] Bug #2494743 - transmission-4.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494743 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0ed2011b62' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to latest upstream version Update to latest upstream version.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2fb5ca48a2 2026-07-02 01:07:29.332031+00:00 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 43 Version : 152.0 Release : 2.fc43 URL : http://www.mozilla.org/projects/thunderbird/ Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to latest upstream version Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Jan Horak - 152.0-1 - Update to 152.0 * Fri Jun 5 2026 Jan Horak - 151.0.1-1 - Update to 151.0.1 * Thu May 21 2026 Jan Horak - 151.0-1 - Update to 151.0 * Thu May 14 2026 Jan Horak - 150.0.2-1 - Update to 150.0.2 * Tue Apr 28 2026 Jan Horak - 150.0-1 - Update to Thunderbird 150.0 * Tue Apr 14 2026 Jan Horak - 149.0.2-1 - Update to 149.0.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2fb5ca48a2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Security update resolving 22 CVEs across both caddy itself and its vendored libraries.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3dc324bd9a 2026-07-02 01:07:29.332017+00:00 -------------------------------------------------------------------------------- Name : caddy Product : Fedora 43 Version : 2.10.2 Release : 9.fc43 URL : https://caddyserver.com Summary : Web server with automatic HTTPS Description : Caddy is an extensible server platform that uses TLS by default. -------------------------------------------------------------------------------- Update Information: Security update resolving 22 CVEs across both caddy itself and its vendored libraries. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Carl George - 2.10.2-9 - Port to new golang packaging guidelines - Backport upstream fix for CVE-2026-27585 - Backport upstream fix for CVE-2026-27586 - Backport upstream fix for CVE-2026-27587 - Backport upstream fix for CVE-2026-27588 - Backport upstream fix for CVE-2026-27589 - Backport upstream fix for CVE-2026-27590 - Backport upstream fix for CVE-2026-30851 - Backport upstream fix for CVE-2026-30852 - Update vendored github.com/quic-go/quic-go to v0.57.0 for CVE-2025-64702 - Update vendored golang.org/x/crypto to v0.52.0 for CVE-2025-47913, CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830 - Update vendored github.com/smallstep/certificates to v0.30.0 for CVE-2025-44005 and CVE-2026-40097 - Update vendored github.com/go-chi/chi/v5 to v5.2.5 for CVE-2025-69725 - Update vendored github.com/yuin/goldmark/renderer/html to v1.7.17 for CVE-2026-5160 * Mon Feb 2 2026 Maxwell G - 2.10.2-5 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-3 -Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sáez - 2.10.2-2 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488094 - CVE-2026-30851 caddy: Caddy: Privilege escalation via identity injection due to unstripped client headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488094 [ 2 ] Bug #2488095 - CVE-2026-30852 caddy: Caddy: Information disclosure via double-expansion of user-controlled input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488095 [ 3 ] Bug #2488141 - CVE-2026-40097 caddy: Step CA: Denial of Service via crafted attestation key certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488141 [ 4 ] Bug #2488502 - CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488502 [ 5 ] Bug #2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488503 [ 6 ] Bug #2488514 - CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488514 [ 7 ] Bug #2488516 - CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488516 [ 8 ] Bug #2488517 - CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488517 [ 9 ] Bug #2488518 - CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488518 [ 10 ] Bug #2488572 - CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http[fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488572 [ 11 ] Bug #2488575 - CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488575 [ 12 ] Bug #2488578 - CVE-2025-58188 caddy: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488578 [ 13 ] Bug #2488580 - CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488580 [ 14 ] Bug #2488582 - CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488582 [ 15 ] Bug #2488661 - CVE-2025-64702 caddy: quic-go HTTP/3 QPACK Header Expansion DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488661 [ 16 ] Bug #2488663 - CVE-2025-47913 caddy: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488663 [ 17 ] Bug #2488665 - CVE-2025-44005 caddy: github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488665 [ 18 ] Bug #2488666 - CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488666 [ 19 ] Bug #2488667 - CVE-2026-5160 caddy: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488667 [ 20 ] Bug #2489962 - CVE-2026-39828 caddy: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489962 [ 21 ] Bug #2490067 -CVE-2026-39829 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490067 [ 22 ] Bug #2490486 - CVE-2026-39830 caddy: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3dc324bd9a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 security advisory updating Caddy addressing 22 CVEs with critical risks including DoS and information leaks.. Fedora 43, security advisory, Caddy update, CVE patching, web server security. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.