Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 493 articles for you...
89

Fedora 43 perl-CSS-Minifier-XS Critical Memory Leak Fix CVE-2026-13593

This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-abc468979d 2026-07-09 01:07:23.887028+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 43 Version : 0.15 Release : 1.fc43 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-abc468979d' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for perl-CSS-Minifier-XS in Fedora 43 fixes memory leak issue, ensuring better performance and stability.. Fedora 43 Perl Module Update Memory Leak CSS Minifier. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora 43 opkssh Moderate DoS Security Fix 2026-387cf555e7

Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-387cf555e7 2026-07-09 01:07:23.887030+00:00 -------------------------------------------------------------------------------- Name : opkssh Product : Fedora 43 Version : 0.15.0 Release : 2.fc43 URL : https://github.com/openpubkey/opkssh Summary : OpenPubkey SSH Description : OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like This email address is being protected from spambots. You need JavaScript enabled to view it. instead of long-lived SSH keys. -------------------------------------------------------------------------------- Update Information: Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package) -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Till Hofmann - 0.15.0-2 - Drop obsolete golang.org/x/crypto override * Thu Jul 2 2026 Till Hofmann - 0.15.0-1 - Update to 0.15.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2490078 - CVE-2026-39829 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490078 [ 2 ] Bug #2492509 - opkssh-0.15.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2492509 [ 3 ] Bug #2493536 - CVE-2026-39835 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493536 [ 4 ] Bug #2494282 - CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494282 [ 5 ] Bug #2494472 - CVE-2026-39833 opkssh: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494472 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-387cf555e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 43 addresses several CVEs related to Denial of Service in opksshdependencies.. Fedora opkssh security update Denial of Service CVE. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora 43 python-jiter Important Update for JSON Parser 2026-f774d1a878

Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f774d1a878 2026-07-09 01:07:23.886973+00:00 -------------------------------------------------------------------------------- Name : python-jiter Product : Fedora 43 Version : 0.16.0 Release : 1.fc43 URL : https://github.com/pydantic/jiter Summary : Fast iterable JSON parser Description : Fast iterable JSON parser. -------------------------------------------------------------------------------- Update Information: Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Benjamin A. Beasley - 0.16.0-1 - Update to 0.16.0 upstream release - Resolves: rhbz#2494427 * Sat Jun 20 2026 Benjamin A. Beasley - 0.15.0-3 - Update to PyO3 0.29 * Wed Jun 3 2026 Python Maint - 0.15.0-2 - Rebuilt for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494427 - python-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494427 [ 2 ] Bug #2494428 - rust-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494428 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f774d1a878' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label Allpackages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update available for python-jiter 0.16.0 resolving critical JSON parsing issues in Fedora 43 with security notifications.. Fedora, Python, JSON Parsing, Security Update, Package Management. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora 43 rust-jiter Important JSON Parsing Update 2026-f774d1a878

Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f774d1a878 2026-07-09 01:07:23.886973+00:00 -------------------------------------------------------------------------------- Name : rust-jiter Product : Fedora 43 Version : 0.16.0 Release : 1.fc43 URL : https://crates.io/crates/jiter Summary : Fast Iterable JSON parser Description : Fast Iterable JSON parser. -------------------------------------------------------------------------------- Update Information: Update rust-jiter to 0.16.0, adding a serde Deserializer implementation; update python-jiter to match. Both packages now use PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Benjamin A. Beasley - 0.16.0-1 - Update to version 0.16.0; Fixes RHBZ#2494428 * Sat Jun 20 2026 Benjamin A. Beasley - 0.15.0-2 - Update to PyO3 0.29 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494427 - python-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494427 [ 2 ] Bug #2494428 - rust-jiter-0.16.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494428 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f774d1a878' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update rust-jiter to version 0.16.0 on Fedora 43, enhancing JSON parsing capabilities with fixes for identified issues.. Fedora 43 rust-jiter update fast iterable JSON parser. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora OpenSSH Serious Denial of Service and Heap Vulnerabilities Issues

Improve GSS KEX algorithms documentation CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a80275b42d 2026-07-09 00:54:37.609381+00:00 -------------------------------------------------------------------------------- Name : openssh Product : Fedora 44 Version : 10.2p1 Release : 12.fc44 URL : http://www.openssh.com/portable.html Summary : An open source implementation of SSH protocol version 2 Description : SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. -------------------------------------------------------------------------------- Update Information: Improve GSS KEX algorithms documentation CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known- group validation that leads to client-side denial of service CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Dmitry Belyavskiy -10.2p1-12 - Improve GSS KEX algorithms documentation Patches are submitted by This email address is being protected from spambots. You need JavaScript enabled to view it. Resolves: rhbz#2241564 * Tue Jul 7 2026 Zoltan Fridrich - 10.2p1-11 - CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service - CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator cleanup due to missing NULL terminator - CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket pre-binding - Remove duplicate manpage entries from ssh(1) Resolves: rhbz#2442505 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2241564 - KexAlgorithms accepts gss-* algorithms in certain cases, but it is completely unclear what this does https://bugzilla.redhat.com/show_bug.cgi?id=2241564 [ 2 ] Bug #2442505 - 0043-openssh-8.7p1-ssh-manpage.patch introduces duplicates in documentation https://bugzilla.redhat.com/show_bug.cgi?id=2442505 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a80275b42d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines ListArchives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical advisories for Fedora OpenSSH address denial of service and heap overflow issues for 2026 updates.. Fedora OpenSSH Critical Updates, Denial of Service Fixes, Security Advisory 2026. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora 44 Upower Moderate Access Control Fix FEDORA-2026-e5305cffc2

upower 1.91.3: Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed)) Fix: Resolve potential leaks (!327 (merged)) Fix: Potential out-of-bound access (!328 (merged)). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e5305cffc2 2026-07-09 00:54:37.609376+00:00 -------------------------------------------------------------------------------- Name : upower Product : Fedora 44 Version : 1.91.3 Release : 1.fc44 URL : https://upower.freedesktop.org/ Summary : Power Management Service Description : UPower (formerly DeviceKit-power) provides a daemon, API and command line tools for managing power devices attached to the system. -------------------------------------------------------------------------------- Update Information: upower 1.91.3: Feature: up-device-battery: Prefer "Standard" over "Fast" charging (!316 (merged), #344 (closed)) Fix: Resolve potential leaks (!327 (merged)) Fix: Potential out-of-bound access (!328 (merged)) Fix: Improve access control (!326 (merged)) Fix: Remove unused codes (!329 (merged)) Fix: Fix for Asus Battery Charge Threshold Detection (!330 (merged), #347 (closed)) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Peter Robinson - 1.91.3-1 - Update to 1.91.3 (fixes rhbz#2496407 rhbz#2414589) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2414589 - Settings > Power > Battery Charging: "Preserve Battery Health" can't be set persistently when BIOS Admin Password (a.k.a Setup Password) is set. https://bugzilla.redhat.com/show_bug.cgi?id=2414589 [ 2 ] Bug #2496407 - upower-1.91.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2496407 -------------------------------------------------------------------------------- This update can be installed with the"dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e5305cffc2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Explore the latest Fedora update for upower 1.91.3 addressing leaks and out-of-bounds access concerns.. Fedora Update, UPower Security, Out-of-Bounds Access, Power Management, Security Advisory. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora 44 opkssh 0.15.0 Important Denial of Service Vulnern 2026-a7570524a7

Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a7570524a7 2026-07-09 00:54:37.609359+00:00 -------------------------------------------------------------------------------- Name : opkssh Product : Fedora 44 Version : 0.15.0 Release : 2.fc44 URL : https://github.com/openpubkey/opkssh Summary : OpenPubkey SSH Description : OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like This email address is being protected from spambots. You need JavaScript enabled to view it. instead of long-lived SSH keys. -------------------------------------------------------------------------------- Update Information: Update to opkssh 0.15.0. This release fixes several CVEs in bundled/vendored dependencies: CVE-2026-39829: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters CVE-2026-39835: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate CVE-2026-39833: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation CVE-2026-27145: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (fixed via the Go toolchain used to build this package) -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Till Hofmann - 0.15.0-2 - Drop obsolete golang.org/x/crypto override * Thu Jul 2 2026 Till Hofmann - 0.15.0-1 - Update to 0.15.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2490078 - CVE-2026-39829 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490078 [ 2 ] Bug #2492509 - opkssh-0.15.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2492509 [ 3 ] Bug #2493536 - CVE-2026-39835 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493536 [ 4 ] Bug #2494282 - CVE-2026-27145 opkssh: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494282 [ 5 ] Bug #2494472 - CVE-2026-39833 opkssh: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494472 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a7570524a7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . The opkssh 0.15.0 update for Fedora 44 resolves critical Denial of Service issuesaffecting its dependencies.. Denial of Service, Fedora updates, opkssh security, package management, Linux security. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
89

Fedora 44 perl-CSS-Minifier-XS Important Memory Leak Fix CVE-2026-13593

This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9f14575d85 2026-07-09 00:54:37.609348+00:00 -------------------------------------------------------------------------------- Name : perl-CSS-Minifier-XS Product : Fedora 44 Version : 0.15 Release : 1.fc44 URL : https://metacpan.org/release/CSS-Minifier-XS Summary : XS based CSS minifier Description : 'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also *not* breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl. -------------------------------------------------------------------------------- Update Information: This package contains the Perl module CSS::Minifier::XS. Versions of the module before 0.14 have a memory leak when the entire document is minified away (CVE-2026-13593). This update brings version 0.15 which fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Emmanuel Seyman - 0.15-1 - Update to 0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494733 - CVE-2026-13593 perl-CSS-Minifier-XS: CSS::Minifier::XS: Memory leak via crafted input leading to Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494733 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9f14575d85' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This update for Fedora 44 addresses a critical memory leak in perl-CSS-Minifier-XS, enhancing system security.. Fedora 44, perl CSS Minifier, security advisory, memory leak, Denial of Service. . LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200