Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 486 articles for you...
89

Fedora 43 k9s Important Update for Libraries 2026-d6f3a0fa5a

Bump golang.org/x/crypto to v0.52.0 and golang.org/x/net to v0.55.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d6f3a0fa5a 2026-07-10 01:05:32.166944+00:00 -------------------------------------------------------------------------------- Name : k9s Product : Fedora 43 Version : 0.51.0 Release : 2.fc43 URL : https://github.com/derailed/k9s Summary : Kubernetes CLI To Manage Your Clusters In Style Description : Kubernetes CLI To Manage Your Clusters In Style! -------------------------------------------------------------------------------- Update Information: Bump golang.org/x/crypto to v0.52.0 and golang.org/x/net to v0.55.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 blinxen - 0.51.0-2 - Bump golang.org/x/crypto to v0.52.0 and golang.org/x/net to v0.55.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d6f3a0fa5a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . The update for k9s on Fedora 43 enhances security by bumping library versions. Essential for maintaining cluster performance.. Fedora k9s update, Kubernetes CLI upgrade, security notification. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 43 kind 0.31.0 Important Update for Golang Toolchain 2026-e48c1b5f93

Rebuild with newer golang toolchain. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e48c1b5f93 2026-07-10 01:05:32.166941+00:00 -------------------------------------------------------------------------------- Name : kind Product : Fedora 43 Version : 0.31.0 Release : 4.fc43 URL : https://github.com/kubernetes-sigs/kind Summary : Kubernetes IN Docker Description : Kubernetes IN Docker - local clusters for testing Kubernetes. -------------------------------------------------------------------------------- Update Information: Rebuild with newer golang toolchain -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 blinxen - 0.31.0-4 - Rebuild (rhbz#2494326) * Tue Feb 3 2026 Mikel Olasagasti Uranga - 0.31.0-3 - Use correct goipath * Tue Feb 3 2026 Maxwell G - 0.31.0-2 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e48c1b5f93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 update for kind includes improvements with a newer golang toolchain for Kubernetes management.. Fedora Advisory,kubernetes toolchain,kind updating,kubernetes local clusters,golang compatibility. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 43 nmap Important Denial of Service Fix CVE-2026-58058

Fix CVE-2026-58058 (rhbz#2494410). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-602d919dbc 2026-07-10 01:05:32.166902+00:00 -------------------------------------------------------------------------------- Name : nmap Product : Fedora 43 Version : 7.92 Release : 8.fc43 URL : http://nmap.org/ Summary : Network exploration tool and security scanner Description : Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, reverse-identd scanning, and more. In addition to the classic command-line nmap executable, the Nmap suite includes a flexible data transfer, redirection, and debugging tool (netcat utility ncat), a utility for comparing scan results (ndiff), and a packet generation and response analysis tool (nping). -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-58058 (rhbz#2494410) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Martin Osvald - 4:7.92-8 - Fix CVE-2026-58058 (rhbz#2494410) * Wed Aug 13 2025 František Hrdina - 4:7.92-7 - Update of fmf plans -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494410 - CVE-2026-58058 nmap: Nmap: Denial of Service via crafted IPv6 response [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494410 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-602d919dbc' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fix for CVE-2026-58058 in Fedora 43 nmap addresses denial of service flaw via crafted IPv6 response.. nmap security scanner, Fedora advisory, CVE-2026-58058 fix, network exploration tool. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 43 python-pendulum Important RUSTSEC Fix Update 2026-e55bcd0c54

Update to 3.2.0 (final). Update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e55bcd0c54 2026-07-10 01:05:32.166888+00:00 -------------------------------------------------------------------------------- Name : python-pendulum Product : Fedora 43 Version : 3.2.0 Release : 1.fc43 URL : https://pendulum.eustace.io Summary : Python datetimes made easy Description : Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class (it inherits from it), so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is timezone-aware and by default in UTC for ease of use. -------------------------------------------------------------------------------- Update Information: Update to 3.2.0 (final). Update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Benjamin A. Beasley - 3.2.0-1 - Update to 3.2.0 (final); Fixes RHBZ#2435482 - Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177) * Thu Jun 4 2026 Python Maint - 3.2.0~dev0^20251024git628fd85-3 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 3.2.0~dev0^20251024git628fd85-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2435482 - python-pendulum-3.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2435482 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e55bcd0c54' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 addresses important RUSTSEC issues on python-pendulum 3.2.0, requiring prompt updates for security.. Fedora security, python-pendulum, update notification, RUSTSEC, package fix. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 43 PHP Significant Issue Resolution Notification 2026-f4272d87ef

PHP version 8.4.23 (03 Jul 2026) Core: Fixed bug GH-22280 (Incorrect compile error for goto to label preceding try/finally block). (Pratik Bhujel) BCMath:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f4272d87ef 2026-07-10 01:05:32.166877+00:00 -------------------------------------------------------------------------------- Name : php Product : Fedora 43 Version : 8.4.23 Release : 1.fc43 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. -------------------------------------------------------------------------------- Update Information: PHP version 8.4.23 (03 Jul 2026) Core: Fixed bug GH-22280 (Incorrect compile error for goto to label preceding try/finally block). (Pratik Bhujel) BCMath: Fixed issues with oversized allocations and signed overflow in bcround() and BcMath\Number::round(). (edorian) Date: Fix incorrect recurrence check of DatePeriod::createFromISO8601String(). (ndossche) DOM: Fix GH-22219 (Dom\XMLDocument::schemaValidate fails to resolve xs:QName with prefix from imported schema). (David Carlier) Exif: Read correct value for single and double tags. (ndossche) GD: Fixed bug GH-22121 (Double free in gdImageSetStyle() after overflow-triggered early return). (iliaal) Fixed bug GH-19666 (imageconvolution() unexpected nan filter value). (David Carlier) Fixed bug GH-19739 (imageellipse/imagefilledellipse overflow). (David Carlier) Fixed bug GH-19730 (imageaffine overflow). (David Carlier) Intl: Fix incorrectargument positions for uninitialized calendar arguments in IntlCalendar::equals(), ::before(), ::after(), and ::isEquivalentTo(), and for invalid start/end arguments in transliterator_transliterate(). (Weilin Du) Fixed IntlTimeZone::getDisplayName() to synchronize object error state for invalid display types. (Weilin Du) Fixed Spoofchecker restriction-level APIs to only be exposed with ICU 53 and later. (Graham Campbell) mysqli: Fix stmt-> query leak in mysqli_execute_query() validation errors. (David Carlier) Opcache: Fixed bug GH-20469 (Unsafe inheritance cache replay with reentrant autoloading). (Levi Morrison) OpenSSL: Fixed bug GH-22187 (Memory corruption (zend_mm_heap corrupted) in openssl_encrypt with AES-WRAP-PAD). (David Carlier) Phar: Fixed a bypass of the magic ".phar" directory protection in Phar::addEmptyDir() for paths starting with "/.phar", while allowing non-magic directory names that merely share the ".phar" prefix. (Weilin Du) Reflection: Preserve class-name case in ReflectionClass::getProperty() error messages and autoloading. (jorgsowa) Sqlite: Fix error checks for column retrieval. (ndossche) Zlib: Fixed memory leak if deflate initialization fails and there is a dict. (ndossche) Fixed memory leak in inflate_add(). (ndossche) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Remi Collet - 8.4.23-1 - Update to 8.4.23 - http://www.php.net/releases/8_4_23.php -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f4272d87ef' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Discover key fixes in PHP 8.4.23 for Fedora 43 including crucial bug fixes to enhance functionality and stability.. PHP update, Fedora advisory, bug fix, software upgrade, server security. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 43 tmux Important Use-After-Free Advisory 2026-5060f8da27

update to 3.7, remove upstreamed patch Upstream ChangeLog: https://raw.githubusercontent.com/tmux/tmux/3.7/CHANGES CHANGES FROM 3.6b TO 3.7 Add floating panes. These are panes which sit above the layout ("tiled panes") like popups but unlike popups are not modal and behave like panes (so the same. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5060f8da27 2026-07-10 01:05:32.166872+00:00 -------------------------------------------------------------------------------- Name : tmux Product : Fedora 43 Version : 3.7 Release : 3.fc43 URL : https://tmux.github.io/ Summary : A terminal multiplexer Description : tmux is a "terminal multiplexer." It enables a number of terminals (or windows) to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen. -------------------------------------------------------------------------------- Update Information: update to 3.7, remove upstreamed patch Upstream ChangeLog: https://raw.githubusercontent.com/tmux/tmux/3.7/CHANGES CHANGES FROM 3.6b TO 3.7 Add floating panes. These are panes which sit above the layout ("tiled panes") like popups but unlike popups are not modal and behave like panes (so the same escape sequence support). Floating panes are created with the new-pane command, bound to * by default. This is an early release of this feature and they are relatively limited. Currently floating panes can only be moved and resized using the mouse. The default second status line (if status-format is set to 2) has changed to show a list of panes. Many obvious features are not yet available for floating panes (notably the ability to swap floating panes, resize them using resize-pane, change them between floating and tiles, and restore custom layouts with floating panes). Mostly written by Michael Grant with help from Dane Jensen; testing and fixes fromothers. Allow run-shell arguments after a shell command to be expanded as #{1}, #{2} and so on (from Rasmus Thystrup Karstensen in issue 5121). Add -g to kill-session to kill all sessions in a session group (issue 5157 from github at jiku dot jp). Tighten up read-only checks on attach-session, detach-client and switch-client so that a user should be able to only detach their own client (reported by John Walker). Increase escape delay if the buffer contains a partial paste end, fixes issues with at least Windows Terminal (from jing dot empty at gmail.com issue 5088). When mode-keys is set to vi, do not allow the cursor to go into the invisible extra cell to the right of the visible text; this is closer to what vi(1) does (from Max Vim in issue 5070). Add a five second limit on pasting for terminals which mysteriously lose the end sequence if the paste is too big (that is, Terminal.app) (reported by Garri Djavadyan in issue 4527). Show file open errors more sensibly (reported by Meriel Luna Mittelbach in issue 5081). Update supported features list for Foot terminal (from Meriel Luna Mittelbach in issue 5079). Turn off the "is this a paste" guessing if the terminal supports bracket pasting instead (issue 5031). Check FIONREAD for all panes not just piped panes. Add emacs-style recentre-top-bottom command to copy mode (issue 5053 from sinyax75 at gmail dot com). Allow the indicator in tree mode to be customized by two new options: tree-mode- preview-format and tree-mode-preview-style. Fix control client hang on exit after toggling no-output (issue 5049 from Aaron Campbell). Also various other control mode fixes. Add support for line numbers in copy mode. There is a new copy-mode-line-numbers option which may be set to off, default (tmux's normal line numbering where 0 is the top visible line), absolute (first line in history is 1), relative (relative to the cursor) and hybrid (current line is absolute, others relative). Also adds copy-mode-line-number-style andcopy-mode-current-line-number-style to set the style of the line numbers. When copy mode is entered with the mouse, line numbers stay off. From Leo Henon in issue 5025. Make C-[ have the same bindings as Escape for terminals with extended keys where they are different (issue 5035 from Eric Nicolas). Sanitize paste buffer names in paste_set and paste_rename (issue 5032 from Barrett Ruth). Do not hang in run-shell when job_run fails (from Barrett Ruth in issue 5037). Add ability to forward progress bar to outside terminal (issue 4972 from Eric Dorland). Translate keypad keys to text in prompt input (from Barrett Ruth in issue 4996). Sanitize pane titles and window and session names more consistently and strictly, prevents C0 characters and other invisible characters causing problems (reported by Chris Monardo in issue 4999). Make clock visible on terminals without colours (from Manuel Einfalt in issue 5001). Add detach to default session menu (suggested by Przemyslaw Sztoch). Include window format variables for pane notifications (issue 5007 from Saul Nogueras). Limit precision to 100 for formats to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. Also various other similar changes, mostly found by OSS-Fuzz. Add WAYLAND_DISPLAY to default update-environment (issue 4965). Also some additional XDG_* variables (issue 5169). Add -C flag to command-prompt to match display-message -C (do not freeze panes) (from Barrett Ruth in issue 4978). Cache user from getpwuid because it can be very expensive on some platforms (from Ben Maurer in issue 4973). Add remain-on-exit key to keep pane around until a key is pressed (from Michael Grant). Add some new mouse ranges called "control0" to "control9" and use to add some mouse controls to the pane state line (from Dane Jensen with some bits from Michael Grant). Handle OSC 9;4 progress bar sequence and store in format variables (from Eric Dorland in issue 4954). Correctly size buffer used for parsingclipboard sequences (from Michal Majchrowicz). Limit MSG_COMMAND argument to between 0 and 1000 to prevent a misbehaving client from crashing the server (from Michal Majchrowicz). Reorganize host keys are represented internally so they can be built more easily (from Dane Jensen in issue 4953). Add new fuzzers for command parsing, formats and styles (from David Korczynski in issue 4957). Also fix various issues shown from these. Add bracket_paste_flag format flag (from George Nachman in issue 4951). Use - for hyphens in tmux.1 to cause newer groff versions to render them correctly (from Keith Thompson in issue 4948). Various minor code improvements and fixes from Pavel Lavrukhin (issue 4936 and others). Use window options for cursor-style to avoid crash when no pane (from Arden Packeer in issue 4942). Fix issue where popup window gets overwritten by background updates (from Conor Taylor in issue 4920). Protect against overflow when scrollbar is off screen (from san65384 at gmail dot com in issue 4933). Copy hyperlinks when redrawing popup so they do not vanish (from Antoine Gaudreau Simard in issue 4925). Work around systemd killing panes early during system shutdown by creating dependencies from the panes to the service which started tmux (issue 4926 from Dmitry Torokhov). Allow codepoint-widths to accept ranges (from san65384 at gmail dot com in issue 4930). Add a short builtin help text for each mode accessible with C-h (based on code from Patrick Motard in issue 4751). Draw message as one format, allowing prompts and messages to occupy only a portion of the status bar, overlaying the normal status content rather than replacing the entire line. A new message-format option now controls the entire message (like status-format). The message-style option now need to include "fill" in order to cover the whole width (the default has "fill=yellow"). From Conor Taylor in issue 4861. Add next/previous variables for windows in W: loop (from Conor Taylor in issue 4856). Various bug andmemory leak fixes from Renaud Allard (issue 4916). Add pane_pipe_pid with pipe file descriptor. Make -c work with new-session -A (from Jody Frankowski in issue 4906). Allow copy mode to work for readonly clients, except for copy commands (from Dane Jensen). Pass paste buffer through vis(3) when pasting to prevent buffers containing for example the bracket end sequence causing issues, a new -S flag disables (reported by Mason Davis). Add sorting (-O flag) and a custom format (-F) to list-keys (from Dane Jensen in issue 4845). Add scroll-exit-on, scroll-exit-off, scroll-exit-toggle commands to copy mode (from xcdnlgd at hotmail dot com in issue 4884). Respond to DECRQM 2026 (from David Turnbull in issue 4887) and various others (from Ayman Bagabas in issue 5118). Fix various memory leaks reported by Huihui Huang (issue 4872). Pass which clipboard is set through to the terminal (from Axel Lindskog in issue 4858). Reuse extended entry when clearing RGB cell, to prevent memory growth when cells are repeatedly cleared (from Michael K Darling in issue 4862). Do not write before buffer when parsing empty clipboard or palette replies, or try to allocate zero bytes with an empty clipboard sequence (reported by DongHan Kim). Various bug fixes and code improvements from Conor Taylor (issue 4848). Clear search counts when clearing marks in case of repeated search (reported by Daniel Pereira in issue 4817). Make OSC 52 work in popups (from gogongxt at 163 dot com in issue 4797). Refresh copy mode when style changes (from Josh Cooper in issue 4830). Make sorting code common and add -O for sorting to the list commands (from Dane Jensen in issue 4813). Do not treat cells as empty unless the background colour stays the same, fixes invisible clock in clock mode (reported by Theo Buehler). When history-limit is changed, apply to existing panes, not just new ones (issue 4705). Reevaluate menu and popup styles on each draw to allow them to change when options change (from Josh Cooper in issues 4828and 4829). Handle theme keys earlier so they are processed even if a popup is open (from Josh Cooper in issue 4827). Fix window-size=latest not resizing on switch-client in session groups (from Ilya Grigoriev in issue 4818). Add -e flag to command-prompt to close if empty (from Dane Jensen in issue 4812). Correctly draw indicators when pane-border-indicators is set to both (reported by Ilya Grigoriev in issue 4780). Remember last pane or type of location for double and triple clicks and correctly handle it changes between first and second or second and third (issue 47 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 28 2026 Filipe Rosset - 3.7-3 - RPMAUTOSPEC: unresolvable merge -------------------------------------------------------------------------------- References: [ 1 ] Bug #2487530 - CVE-2026-11623 tmux: tmux: Use-after-free vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487530 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5060f8da27' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update brings new features and a critical fix for a use-after-free issue in tmux on Fedora 43.. tmux security update, Fedora advisory, terminal multiplexer, use-after-free risk. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 44 perl-DBI Important Heap Overflow CVE-2026-14739 2026-9fdda5018f

1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9fdda5018f 2026-07-10 00:52:14.826398+00:00 -------------------------------------------------------------------------------- Name : perl-DBI Product : Fedora 44 Version : 1.650 Release : 1.fc44 URL : http://dbi.perl.org/ Summary : A database access API for perl Description : DBI is a database access Application Programming Interface (API) for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. -------------------------------------------------------------------------------- Update Information: 1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Jitka Plesnikova - 1.650-1 - 1.650 bump (rhbz#2497765) - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497765 - perl-DBI-1.650 is available https://bugzilla.redhat.com/show_bug.cgi?id=2497765 [ 2 ] Bug #2498112 - CVE-2026-14739 perl-DBI: DBI: Heap overflow when preparsing SQL statements with excessive placeholders [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498112 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9fdda5018f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keysused by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for perl-DBI in Fedora 44 fixes heap overflow issues related to SQL statement preparation with excessive placeholders.. Fedora perl-DBI heap overflow security advisory update. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
89

Fedora 44 pam Timing Leak Fix CVE-2026-54411 Security Advisory

pam_userdb: fix password comparison timing leak. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-377015b34b 2026-07-10 00:52:14.826395+00:00 -------------------------------------------------------------------------------- Name : pam Product : Fedora 44 Version : 1.7.2 Release : 2.fc44 URL : http://www.linux-pam.org/ Summary : An extensible library which provides authentication for applications Description : PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. -------------------------------------------------------------------------------- Update Information: pam_userdb: fix password comparison timing leak -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Iker Pedrosa - 1.7.2-2 - pam_userdb: fix password comparison timing leak Resolves: #2496416 Resolves: CVE-2026-54411 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496416 - CVE-2026-54411 pam: Plaintext password recovery via timing discrepancy in pam_userdb module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496416 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-377015b34b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fix for pam User Database timing leak vulnerability in Fedora 44 requires immediate attention and update.. pam userdb, Fedora 44, timing attack, security update, authentication module. . LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200