Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 424 articles for you...
89

Fedora 44 tmux 3.7b Use After Free Bug Advisory 2026-f5dd9fb83f

fdf6afc update to 3.7b fixes rhbz#2498485 CHANGES FROM 3.7a TO 3.7b Fix so that the end of a synchronized update again triggers a redraw. CHANGES FROM 3.7 TO 3.7a Fix crash in break-pane when no name is provided.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f5dd9fb83f 2026-07-11 01:06:30.201379+00:00 -------------------------------------------------------------------------------- Name : tmux Product : Fedora 44 Version : 3.7b Release : 2.fc44 URL : https://tmux.github.io/ Summary : A terminal multiplexer Description : tmux is a "terminal multiplexer." It enables a number of terminals (or windows) to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen. -------------------------------------------------------------------------------- Update Information: fdf6afc update to 3.7b fixes rhbz#2498485 CHANGES FROM 3.7a TO 3.7b Fix so that the end of a synchronized update again triggers a redraw. CHANGES FROM 3.7 TO 3.7a Fix crash in break-pane when no name is provided. Scrollbar options are now cached rather than being looked up for every redraw (issue 5298). Only forbid #( in names, allow #[, empty names, : and . -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Filipe Rosset - 3.7b-2 - fix 3.7b build * Thu Jul 9 2026 Filipe Rosset - 3.7b-1 - update to 3.7b fixes rhbz#2498485 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2487530 - CVE-2026-11623 tmux: tmux: Use-after-free vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487530 [ 2 ] Bug #2498485 - update to 3.7b https://bugzilla.redhat.com/show_bug.cgi?id=2498485 -------------------------------------------------------------------------------- Thisupdate can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f5dd9fb83f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Recent Fedora update for tmux addresses bugs, including a use-after-free issue. Installation instructions included.. Fedora update, tmux patch, use-after-free bug, terminal multiplexer, software upgrade. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 sssd Severe Use After Free and Path Traversal Vulnerabilities

CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5acfb0243b 2026-07-11 01:06:30.201372+00:00 -------------------------------------------------------------------------------- Name : sssd Product : Fedora 44 Version : 2.13.1 Release : 2.fc44 URL : https://github.com/SSSD/sssd/ Summary : System Security Services Daemon Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. The sssd subpackage is a meta-package that contains the daemon as well as all the existing back ends. -------------------------------------------------------------------------------- Update Information: CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Sumit Bose - 2.13.1-2 - CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitizedgPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494777 - CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494777 [ 2 ] Bug #2497650 - CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497650 [ 3 ] Bug #2497651 - CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497651 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5acfb0243b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam,report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for Fedora 44 addressing use-after-free crashes and authentication flaws in sssd software.. Fedora security update, sssd patches, system access flaws, PAM interface issues. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 attr Critical Symlink Traversal Escalation Vuln CVE-2026-54371

rebase to v2.6.0 to fix CVE-2026-54371. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-daa458d11d 2026-07-11 01:06:30.201361+00:00 -------------------------------------------------------------------------------- Name : attr Product : Fedora 44 Version : 2.6.0 Release : 1.fc44 URL : https://savannah.nongnu.org/projects/attr Summary : Utilities for managing filesystem extended attributes Description : A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr(1) and setfattr(1). An attr(1) command is also provided which is largely compatible with the SGI IRIX tool of the same name. -------------------------------------------------------------------------------- Update Information: rebase to v2.6.0 to fix CVE-2026-54371 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Lukáš Zaoral - 2.6.0-1 - rebase to v2.6.0 to fix the following CVEs: - CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494172 - CVE-2026-54371 attr: Symlink Traversal Privilege Escalation via getfattr [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494172 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-daa458d11d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 44 update for attraddresses critical symlink traversal risk via CVE-2026-54371. Apply the update immediately.. Fedora update,Critical security,Attr symlink risk. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 acl Critical Symlink Traversal Fix FEDORA-2026-6b9a652463

rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6b9a652463 2026-07-11 01:06:30.201359+00:00 -------------------------------------------------------------------------------- Name : acl Product : Fedora 44 Version : 2.4.0 Release : 1.fc44 URL : https://savannah.nongnu.org/projects/acl Summary : Access control list utilities Description : This package contains the getfacl and setfacl utilities needed for manipulating access control lists. -------------------------------------------------------------------------------- Update Information: rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Lukáš Zaoral - 2.4.0-1 - rebase to v2.4.0 to fix the following CVEs: - CVE-2026-54369 - Symlink traversal privilege escalation via libacl functions - CVE-2026-54370 - TOCTOU Symlink Traversal via getfacl/setfacl -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494173 - CVE-2026-54370 acl: TOCTOU Symlink Traversal via getfacl/setfacl [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494173 [ 2 ] Bug #2494174 - CVE-2026-54369 acl: Symlink traversal privilege escalation via libacl functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494174 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6b9a652463' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical Fedora 44 acl update since it fixes symlink privilege escalation issues to enhance system security.. Fedora acl update, privilege escalation, symlink vulnerability. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 python-pillow Denial of Service Vuln 2026-46c4892063

Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-46c4892063 2026-07-11 01:06:30.201352+00:00 -------------------------------------------------------------------------------- Name : python-pillow Product : Fedora 44 Version : 12.3.0 Release : 1.fc44 URL : http://python-pillow.github.io/ Summary : Python image processing library Description : Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation). -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-55380, CVE-2026-54060, CVE-2026-54059, CVE-2026-55379, CVE-2026-55798 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Sandro Mani - 12.3.0-1 - Update to 12.3.0 * Wed Jun 3 2026 Python Maint - 12.2.0-2 - Rebuilt for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497649 - CVE-2026-55379 python-pillow: Pillow: Denial of Service via crafted BDF font file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497649 [ 2 ] Bug #2497660 - CVE-2026-55380 python-pillow: Pillow: Denial of Service via crafted GD 2.x image file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497660 [ 3 ] Bug #2497665 - CVE-2026-54060 python-pillow: Pillow: Denial of Service via excessive memory allocation when processing font files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497665 [ 4 ] Bug #2497682 - CVE-2026-54059 python-pillow: Pillow:Denial of Service via crafted PCF font data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497682 [ 5 ] Bug #2497699 - CVE-2026-55798 python-pillow: Pillow: Arbitrary command injection via shell metacharacters in file paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497699 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-46c4892063' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This update addresses critical issues in Python Pillow library, preventing denial of service and command injection risks.. python pillow update, fedora security, denial of service fix, critical security update, python library vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 cjson Moderate Out-of-Bounds Access Issues FEDORA-2026-0c3f6c7c67

Update to version 1.7.19. https://github.com/DaveGamble/cJSON/blob/v1.7.19/CHANGELOG.md. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0c3f6c7c67 2026-07-11 01:06:30.201347+00:00 -------------------------------------------------------------------------------- Name : cjson Product : Fedora 44 Version : 1.7.19 Release : 1.fc44 URL : https://github.com/DaveGamble/cJSON Summary : Ultralightweight JSON parser in ANSI C Description : cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. -------------------------------------------------------------------------------- Update Information: Update to version 1.7.19. https://github.com/DaveGamble/cJSON/blob/v1.7.19/CHANGELOG.md -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Carl George - 1.7.19-1 - Update to version 1.7.19 rhbz#2394084 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495843 - CVE-2025-57052 cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495843 [ 2 ] Bug #2495846 - CVE-2023-26819 cjson: cJSON rejects a valid text [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495846 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0c3f6c7c67' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . The Fedora 44 security advisory discusses cjson update 1.7.19 addressing moderate severity vulnerabilities and their impact.. Fedora cJSON update security advisory out-of-bounds access JSON parser. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 JFrog-CLI Important Denial Of Service Issues 2026-a5e27945f7

Update to 2.112.0.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a5e27945f7 2026-07-11 01:06:30.201345+00:00 -------------------------------------------------------------------------------- Name : jfrog-cli Product : Fedora 44 Version : 2.112.0 Release : 1.fc44 URL : https://github.com/jfrog/jfrog-cli Summary : CLI to automate access to JFrog products Description : JFrog CLI is a client that provides a simple interface that automates access to the JFrog products. -------------------------------------------------------------------------------- Update Information: Update to 2.112.0. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Simone Caronni - 2.112.0-1 - Update to 2.112.0 * Tue Jun 30 2026 Simone Caronni - 2.111.0-1 - Update to 2.111.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486209 - CVE-2026-45287 jfrog-cli: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486209 [ 2 ] Bug #2486291 - CVE-2026-45287 jfrog-cli: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486291 [ 3 ] Bug #2489886 - CVE-2026-39828 jfrog-cli: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489886 [ 4 ] Bug #2489892 - CVE-2026-39828 jfrog-cli: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489892 [ 5 ] Bug #2490031 - CVE-2026-39829 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490031 [ 6 ] Bug #2490064 - CVE-2026-39829 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490064 [ 7 ] Bug #2490392 - CVE-2026-39830 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490392 [ 8 ] Bug #2490478 - CVE-2026-39830 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490478 [ 9 ] Bug #2493082 - CVE-2026-39832 jfrog-cli: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493082 [ 10 ] Bug #2493369 - jfrog-cli-2.112.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2493369 [ 11 ] Bug #2493527 - CVE-2026-39835 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493527 [ 12 ] Bug #2493565 - CVE-2026-41567 jfrog-cli: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2493565 [ 13 ] Bug #2494437 - CVE-2026-39833 jfrog-cli: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494437 [ 14 ] Bug #2496444 - CVE-2026-47262 jfrog-cli: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496444 [ 15 ] Bug #2496513 - CVE-2026-44740 jfrog-cli: Billy: Denial of Service via crafted input due to insufficient validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496513 [ 16 ] Bug #2496560 - CVE-2026-53492 jfrog-cli: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496560 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a5e27945f7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for jfrog-cli 2.112.0 in Fedora 44 address Denial of Service issues and security bypass risks.. Fedora 44,jfrog-cli,security update,Denial of Service. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
89

Fedora 44 perl-HTML-Gumbo Critical Information Disclosure 2026-75010c7f44

This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-75010c7f44 2026-07-11 01:06:30.201339+00:00 -------------------------------------------------------------------------------- Name : perl-HTML-Gumbo Product : Fedora 44 Version : 0.19 Release : 1.fc44 URL : https://metacpan.org/dist/HTML-Gumbo Summary : HTML5 parser based on gumbo C library Description : Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies. -------------------------------------------------------------------------------- Update Information: This package provides the Perl module HTML::Gumbo. Versions before 0.19 disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walk_tree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen() over-reads the heap block that the pointer addresses. -------------------------------------------------------------------------------- ChangeLog: * Sat May 30 2026 Emmanuel Seyman - 0.19-1 - Update to 0.19 - Update dependencies - Use /usr/bin/perl instead of %{__perl} -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496536 - CVE-2025-15646 perl-HTML-Gumbo: HTML::Gumbo: Information disclosure through HTML template processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496536 -------------------------------------------------------------------------------- This update can beinstalled with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-75010c7f44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Heap memory exposure issue in perl-HTML-Gumbo leads to potential information disclosure in Fedora 44. Update recommended.. Fedora Security, perl-HTML-Gumbo, information disclosure, heap memory, software update. . LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200