Explore top 10 tips to secure your open-source projects now. Read More
×rebase to v2.6.0 to fix CVE-2026-54371. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b85570f8e4 2026-07-13 01:03:16.984289+00:00 -------------------------------------------------------------------------------- Name : attr Product : Fedora 43 Version : 2.6.0 Release : 1.fc43 URL : https://savannah.nongnu.org/projects/attr Summary : Utilities for managing filesystem extended attributes Description : A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr(1) and setfattr(1). An attr(1) command is also provided which is largely compatible with the SGI IRIX tool of the same name. -------------------------------------------------------------------------------- Update Information: rebase to v2.6.0 to fix CVE-2026-54371 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Lukáš Zaoral - 2.6.0-1 - rebase to v2.6.0 to fix the following CVEs: - CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494172 - CVE-2026-54371 attr: Symlink Traversal Privilege Escalation via getfattr [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494172 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b85570f8e4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update for Fedora 43 to fixCVE-2026-54371 affecting attr utility to prevent privilege escalation.. Fedora update, attr utility, privilege escalation, symlink traversal, system security. . LinuxSecurity.com Team
rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-67504c329b 2026-07-13 01:03:16.984286+00:00 -------------------------------------------------------------------------------- Name : acl Product : Fedora 43 Version : 2.4.0 Release : 1.fc43 URL : https://savannah.nongnu.org/projects/acl Summary : Access control list utilities Description : This package contains the getfacl and setfacl utilities needed for manipulating access control lists. -------------------------------------------------------------------------------- Update Information: rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Lukáš Zaoral - 2.4.0-1 - rebase to v2.4.0 to fix the following CVEs: - CVE-2026-54369 - Symlink traversal privilege escalation via libacl functions - CVE-2026-54370 - TOCTOU Symlink Traversal via getfacl/setfacl -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494173 - CVE-2026-54370 acl: TOCTOU Symlink Traversal via getfacl/setfacl [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494173 [ 2 ] Bug #2494174 - CVE-2026-54369 acl: Symlink traversal privilege escalation via libacl functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494174 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-67504c329b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . This advisory reports critical updates for ACL on Fedora 43, addressing symlink traversal risks with CVE-2026-54369 and CVE-2026-54370.. Access Control List, Fedora security, Symlink Escalation, Critical updates. . LinuxSecurity.com Team
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for perl-CGI-Session ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0240-1 Rating: moderate References: #1269983 Cross-References: CVE-2026-56016 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-CGI-Session fixes the following issues: - updated to 4.490.0 (4.49) see /usr/share/doc/packages/perl-CGI-Session/Changelog.ini * SECURITY: Strengthen cryptographic randomness of MD5 driver, CVE-2026-56016 (boo#1269983) - Normalize CPAN version See https://github.com/openSUSE/cpanspec/issues/47 for details Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-240=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): perl-CGI-Session-4.490.0-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2026-56016.html https://bugzilla.suse.com/1269983 . Moderate CVE-2026-56016 security fix available for perl-CGI-Session in openSUSE to strengthen cryptographic randomness.. openSUSE Security,CVE-2026-56016,perl-CGI-Session,security update,cryptographic enhancement. . LinuxSecurity.com Team
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for python-social-auth-app-django ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0241-1 Rating: moderate References: #1251851 Cross-References: CVE-2025-61783 CVSS scores: CVE-2025-61783 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-social-auth-app-django fixes the following issues: - CVE-2025-61783: unsafe account association could lead to account compromise (boo#1251851). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-241=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): python311-social-auth-app-django-5.4.0-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2025-61783.html https://bugzilla.suse.com/1251851 . An update for openSUSE addresses a moderate risk in python-social-auth-app-django. Install promptly for account security.. opensuse python-social-auth-app-django account security update moderate risk. . LinuxSecurity.com Team
A series of heap overflows in bitmap/PCF parser code could be used by authenticated attackers to execute code in the X server context. CVE-2026-56001 A heap buffer overflow in BitmapScaleBitmaps in due to an overflowing 32-bit size.. Debian LTS Advisory DLA-4678-1
An update that solves 2 vulnerabilities can now be installed.. # traefik2-2.11.52-1.1 on GA media Announcement ID: openSUSE-SU-2026:11243-1 Rating: moderate Cross-References: * CVE-2026-54763 * CVE-2026-54764 CVSS scores: * CVE-2026-54763 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-54763 ( SUSE ): 7.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-54764 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-54764 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the traefik2-2.11.52-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * traefik2 2.11.52-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-54763.html * https://www.suse.com/security/cve/CVE-2026-54764.html . OpenSUSE 2026:11243-1 addresses moderate vulnerabilities in traefik2-2.11.52-1.1 requiring attention for system security.. openSUSE, traefik2, CVE-2026-54763, CVE-2026-54764. . LinuxSecurity.com Team
An update that solves 2 vulnerabilities can now be installed.. # xorg-x11-server-21.1.21-8.1 on GA media Announcement ID: openSUSE-SU-2026:11244-1 Rating: moderate Cross-References: * CVE-2026-55999 * CVE-2026-56000 CVSS scores: * CVE-2026-55999 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-55999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-56000 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-56000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the xorg-x11-server-21.1.21-8.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * xorg-x11-server 21.1.21-8.1 * xorg-x11-server-Xvfb 21.1.21-8.1 * xorg-x11-server-extra 21.1.21-8.1 * xorg-x11-server-sdk 21.1.21-8.1 * xorg-x11-server-source 21.1.21-8.1 * xorg-x11-server-wrapper 21.1.21-8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55999.html * https://www.suse.com/security/cve/CVE-2026-56000.html . Two vulnerabilities fixed in xorg-x11-server 21.1.21-8.1 on openSUSE Tumbleweed. Updates are now available for installation.. openSUSE Tumbleweed, xorg-x11-server, security fixes. . LinuxSecurity.com Team
An update that solves 28 vulnerabilities can now be installed.. # spectre-meltdown-checker-26.36.0602723-1.1 on GA media Announcement ID: openSUSE-SU-2026:11242-1 Rating: moderate Cross-References: * CVE-2017-5715 * CVE-2017-5753 * CVE-2018-3615 * CVE-2018-3620 * CVE-2018-3640 * CVE-2019-11157 * CVE-2020-0543 * CVE-2020-12965 * CVE-2020-8694 * CVE-2021-26318 * CVE-2022-21123 * CVE-2022-29900 * CVE-2022-29901 * CVE-2023-20569 * CVE-2023-20588 * CVE-2023-23583 * CVE-2023-28746 * CVE-2023-31315 * CVE-2024-28956 * CVE-2024-36350 * CVE-2024-45332 * CVE-2024-56161 * CVE-2024-7881 * CVE-2025-20623 * CVE-2025-24495 * CVE-2025-29943 * CVE-2025-40300 * CVE-2025-54505 CVSS scores: * CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2018-3620 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2018-3640 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2020-0543 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2020-12965 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2021-26318 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-21123 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N * CVE-2022-29900 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-29901 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-23583 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-31315 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2024-28956 ( SUSE ): 5.6CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2024-28956 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-36350 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2024-45332 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2024-45332 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-56161 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2025-20623 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2025-20623 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-24495 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2025-24495 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-40300 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2025-40300 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-54505 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-54505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 28 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the spectre-meltdown-checker-26.36.0602723-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * spectre-meltdown-checker 26.36.0602723-1.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5715.html * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2018-3615.html * https://www.suse.com/security/cve/CVE-2018-3620.html *https://www.suse.com/security/cve/CVE-2018-3640.html * https://www.suse.com/security/cve/CVE-2019-11157.html * https://www.suse.com/security/cve/CVE-2020-0543.html * https://www.suse.com/security/cve/CVE-2020-12965.html * https://www.suse.com/security/cve/CVE-2020-8694.html * https://www.suse.com/security/cve/CVE-2021-26318.html * https://www.suse.com/security/cve/CVE-2022-21123.html * https://www.suse.com/security/cve/CVE-2022-29900.html * https://www.suse.com/security/cve/CVE-2022-29901.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-23583.html * https://www.suse.com/security/cve/CVE-2023-28746.html * https://www.suse.com/security/cve/CVE-2023-31315.html * https://www.suse.com/security/cve/CVE-2024-28956.html * https://www.suse.com/security/cve/CVE-2024-36350.html * https://www.suse.com/security/cve/CVE-2024-45332.html * https://www.suse.com/security/cve/CVE-2024-56161.html * https://www.suse.com/security/cve/CVE-2024-7881.html * https://www.suse.com/security/cve/CVE-2025-20623.html * https://www.suse.com/security/cve/CVE-2025-24495.html * https://www.suse.com/security/cve/CVE-2025-29943.html * https://www.suse.com/security/cve/CVE-2025-40300.html * https://www.suse.com/security/cve/CVE-2025-54505.html . An update for openSUSE addresses multiple vulnerabilities in spectre-meltdown-checker, enhancing system protection.. openSUSE, spectre meltdown checker, security issues, threats, vulnerabilities. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.