Explore top 10 tips to secure your open-source projects now. Read More
×
Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-931f893f1b 2026-07-15 01:03:58.675206+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 44 Version : 3.28.0 Release : 1.fc44 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Ondrej Holy - 2:3.28.0-1 - Update to 3.28.0 (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158) Resolves: rhbz#2497324 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2499199 - CVE-2026-57158 freerdp: FreeRDP: Information disclosure via truncated RDPGFX planar payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499199 [ 2 ] Bug #2499200 - CVE-2026-57157 freerdp: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499200 [ 3 ] Bug #2499226 - CVE-2026-57156 freerdp: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499226 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2026-931f893f1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Kate Deplaix reported that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. Installing files through .install files did not check symlinks resolution on the target path, which could result in directory traversal out of the package area. For Debian 12 bookworm, this problem has been fixed in version. Debian LTS Advisory DLA-4684-1
Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194. Debian LTS Advisory DLA-4683-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta July 15, 2026 https://wiki.debian.org/LTS Package : wolfssl Version : 5.5.4-2+deb12u3 CVE ID : CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325 CVE-2026-6329 CVE-2026-6331 CVE-2026-6450 CVE-2026-6678 CVE-2026-6681 CVE-2026-6731 CVE-2026-7511 CVE-2026-55961 CVE-2026-55962 CVE-2026-55967 Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194 Missing hash/digest size and OID checks allowed digests smaller than appropriate for the relevant key type to be accepted during ECDSA certificate signature verification, weakening ECDSA certificate-based authentication when EdDSA or ML-DSA support was also enabled. CVE-2026-6092 When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path could fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC. CVE-2026-6094 A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied data delivered via S/MIME or CMS. CVE-2026-6325 An out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list allowed a write past the bounds of the destination buffer. CVE-2026-6329 PKCS#12 MAC verification compared the computed HMAC against the stored MAC using an attacker-controlled length, allowing a truncated or zero-length MACto be accepted and defeating the integrity protection of the MAC. CVE-2026-6331 An HMAC zero-length tag forgery in EVP_DigestVerifyFinal allowed a truncated or empty tag to be accepted as a valid signature, because the supplied length was only checked not to exceed the MAC length. CVE-2026-6450 A CRL critical extension bypass in ParseCRL_Extensions allowed a crafted CRL carrying an unhandled critical extension to be accepted. This only affects builds with CRL support enabled. CVE-2026-6678 An integer underflow in wc_PKCS7_DecryptOri when handling crafted OtherRecipientInfo led to incorrect length handling during decryption. CVE-2026-6681 The PKCS#7 decode path ignored the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. CVE-2026-6731 An X.509 name constraint bypass allowed a certificate whose Subject Common Name violated an issuing CA's DNS name constraints to be accepted when the CN was treated as a DNS-type name. CVE-2026-7511 A PKCS7_verify signer confusion issue meant the signer associated with a signature was not correctly bound, permitting a forged signature to be accepted. CVE-2026-55961 wolfSSL_PKCS7_verify() returned success for a degenerate (certs-only) PKCS#7 object containing no signer, so a bundle carrying no valid signature could be reported as verified. This only affects OpenSSL compatibility builds. CVE-2026-55962 A TLS 1.3 post-handshake authentication issue allowed a server to accept a client's Finished message without the client having sent a Certificate and CertificateVerify. This only affects TLS 1.3 servers configured with and actively using post-handshake authentication. CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (> 64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse andconsequent plaintext recovery. For Debian 12 bookworm, these problems have been fixed in version 5.5.4-2+deb12u3. We recommend that you upgrade your wolfssl packages. For the detailed security status of wolfssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wolfssl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in wolfSSL could lead to serious security risks, including authentication bypass and denial of service.. wolfSSL vulnerabilities, Debian security updates, SSL/TLS library fixes, lightweight security solutions. . LinuxSecurity.com Team
Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e2afc3151d 2026-07-15 00:40:37.238800+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 43 Version : 3.28.0 Release : 1.fc43 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Ondrej Holy - 2:3.28.0-1 - Update to 3.28.0 (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158) Resolves: rhbz#2497324 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2499199 - CVE-2026-57158 freerdp: FreeRDP: Information disclosure via truncated RDPGFX planar payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499199 [ 2 ] Bug #2499200 - CVE-2026-57157 freerdp: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499200 [ 3 ] Bug #2499226 - CVE-2026-57156 freerdp: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499226 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2026-e2afc3151d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # Security update for python3-dulwich Announcement ID: SUSE-SU-2026:2984-1 Release Date: 2026-07-14T13:21:03Z Rating: moderate References: * bsc#1268138 Cross-References: * CVE-2026-47734 CVSS scores: * CVE-2026-47734 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-47734 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python3-dulwich fixes the following issues: * CVE-2026-47734: Do not honour receive.maxInputSize to bound received packs (bsc#1268138) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2984=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2984=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-dulwich-debugsource-0.20.24-150400.8.1 * python3-dulwich-debuginfo-0.20.24-150400.8.1 * python3-dulwich-0.20.24-150400.8.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * python3-dulwich-debugsource-0.20.24-150400.8.1 * python3-dulwich-debuginfo-0.20.24-150400.8.1 * python3-dulwich-0.20.24-150400.8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-47734.html * https://bugzilla.suse.com/show_bug.cgi?id=1268138 . This advisory details a moderate severity update for python3-dulwich on openSUSE to address a critical security issue.. SUSE update, openSUSE security,python3-dulwich patch, moderate security advisory, CVE-2026-47734. . LinuxSecurity.com Team
An update that solves 11 vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:2989-1 Release Date: 2026-07-14T15:46:16Z Rating: important References: * bsc#1264094 * bsc#1265117 * bsc#1265197 * bsc#1266015 * bsc#1266265 * bsc#1267206 * bsc#1267698 * bsc#1267723 * bsc#1267893 * bsc#1268662 * bsc#1269023 Cross-References: * CVE-2026-31758 * CVE-2026-43037 * CVE-2026-43366 * CVE-2026-43501 * CVE-2026-45970 * CVE-2026-46120 * CVE-2026-46173 * CVE-2026-46227 * CVE-2026-46243 * CVE-2026-52909 * CVE-2026-52943 CVSS scores: * CVE-2026-31758 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43366 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45970 ( SUSE ): 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52909 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 *SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.166 fixes various security issues The following security issues were fixed: * CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264094). * CVE-2026-43037: ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (bsc#1265197). * CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265117). * CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266015). * CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267206). * CVE-2026-46120: ip6_gre: Use cached t-> net in ip6erspan_changelink() (bsc#1267893). * CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267723). * CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267698). * CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (CIFSwitch) (bsc#1266265). * CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268662). * CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269023). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2989=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2989=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_166-default-2-150500.2.2 *kernel-livepatch-5_14_21-150500_55_166-default-debuginfo-2-150500.2.2 * kernel-livepatch-SLE15-SP5_Update_40-debugsource-2-150500.2.2 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_166-default-2-150500.2.2 * kernel-livepatch-5_14_21-150500_55_166-default-debuginfo-2-150500.2.2 * kernel-livepatch-SLE15-SP5_Update_40-debugsource-2-150500.2.2 ## References: * https://www.suse.com/security/cve/CVE-2026-31758.html * https://www.suse.com/security/cve/CVE-2026-43037.html * https://www.suse.com/security/cve/CVE-2026-43366.html * https://www.suse.com/security/cve/CVE-2026-43501.html * https://www.suse.com/security/cve/CVE-2026-45970.html * https://www.suse.com/security/cve/CVE-2026-46120.html * https://www.suse.com/security/cve/CVE-2026-46173.html * https://www.suse.com/security/cve/CVE-2026-46227.html * https://www.suse.com/security/cve/CVE-2026-46243.html * https://www.suse.com/security/cve/CVE-2026-52909.html * https://www.suse.com/security/cve/CVE-2026-52943.html * https://bugzilla.suse.com/show_bug.cgi?id=1264094 * https://bugzilla.suse.com/show_bug.cgi?id=1265117 * https://bugzilla.suse.com/show_bug.cgi?id=1265197 * https://bugzilla.suse.com/show_bug.cgi?id=1266015 * https://bugzilla.suse.com/show_bug.cgi?id=1266265 * https://bugzilla.suse.com/show_bug.cgi?id=1267206 * https://bugzilla.suse.com/show_bug.cgi?id=1267698 * https://bugzilla.suse.com/show_bug.cgi?id=1267723 * https://bugzilla.suse.com/show_bug.cgi?id=1267893 * https://bugzilla.suse.com/show_bug.cgi?id=1268662 * https://bugzilla.suse.com/show_bug.cgi?id=1269023 . Update now available for openSUSE addressing multiple vulnerabilities in kernel, critical for system security. Install promptly.. openSUSE kernel patch vulnerabilities security update. . LinuxSecurity.com Team
An update that solves 10 vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 54 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:2991-1 Release Date: 2026-07-14T16:05:09Z Rating: important References: * bsc#1264094 * bsc#1265197 * bsc#1266015 * bsc#1266265 * bsc#1267206 * bsc#1267698 * bsc#1267723 * bsc#1267893 * bsc#1268662 * bsc#1269023 Cross-References: * CVE-2026-31758 * CVE-2026-43037 * CVE-2026-43501 * CVE-2026-45970 * CVE-2026-46120 * CVE-2026-46173 * CVE-2026-46227 * CVE-2026-46243 * CVE-2026-52909 * CVE-2026-52943 CVSS scores: * CVE-2026-31758 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52909 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for theSUSE Linux Enterprise Kernel 5.14.21-150400.24.219 fixes various security issues The following security issues were fixed: * CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264094). * CVE-2026-43037: ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (bsc#1265197). * CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266015). * CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267206). * CVE-2026-46120: ip6_gre: Use cached t-> net in ip6erspan_changelink() (bsc#1267893). * CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267723). * CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267698). * CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (CIFSwitch) (bsc#1266265). * CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268662). * CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269023). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2991=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2991=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_219-default-2-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_54-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-2-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_219-default-2-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_54-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-2-150400.2.1 ##References: * https://www.suse.com/security/cve/CVE-2026-31758.html * https://www.suse.com/security/cve/CVE-2026-43037.html * https://www.suse.com/security/cve/CVE-2026-43501.html * https://www.suse.com/security/cve/CVE-2026-45970.html * https://www.suse.com/security/cve/CVE-2026-46120.html * https://www.suse.com/security/cve/CVE-2026-46173.html * https://www.suse.com/security/cve/CVE-2026-46227.html * https://www.suse.com/security/cve/CVE-2026-46243.html * https://www.suse.com/security/cve/CVE-2026-52909.html * https://www.suse.com/security/cve/CVE-2026-52943.html * https://bugzilla.suse.com/show_bug.cgi?id=1264094 * https://bugzilla.suse.com/show_bug.cgi?id=1265197 * https://bugzilla.suse.com/show_bug.cgi?id=1266015 * https://bugzilla.suse.com/show_bug.cgi?id=1266265 * https://bugzilla.suse.com/show_bug.cgi?id=1267206 * https://bugzilla.suse.com/show_bug.cgi?id=1267698 * https://bugzilla.suse.com/show_bug.cgi?id=1267723 * https://bugzilla.suse.com/show_bug.cgi?id=1267893 * https://bugzilla.suse.com/show_bug.cgi?id=1268662 * https://bugzilla.suse.com/show_bug.cgi?id=1269023 . Addressing ten security issues in the SUSE Linux Kernel including a critical update that needs immediate attention.. SUSE Linux Kernel, security update, Linux vulnerabilities, important patch, kernel update. . LinuxSecurity.com Team
Several security issues were fixed in Wget.. ========================================================================== Ubuntu Security Notice USN-8543-1 July 14, 2026 wget vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Wget. Software Description: - wget: retrieves files from the web Details: It was discovered that Wget mishandled semicolons in the userinfo subcomponent of a URL. A remote attacker could possibly use this issue to trick a user into connecting to a different host than intended. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38428) It was discovered that Wget incorrectly handled Metalink documents containing a whitespace-only URL. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58469) It was discovered that Wget incorrectly handled Content-Range header values, leading to an integer overflow. A remote attacker could possibly use this issue to cause download desynchronization. (CVE-2026-58470) It was discovered that Wget incorrectly handled character set conversion of server-supplied filenames. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58471) It was discovered that Wget incorrectly handled HTML attributes requiring entity encoding. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58472) Update instructions: The problem can be corrected by updating your system tothe following package versions: Ubuntu 26.04 LTS wget 1.25.0-2ubuntu4.2 Ubuntu 24.04 LTS wget 1.21.4-1ubuntu4.3 Ubuntu 22.04 LTS wget 1.21.2-2ubuntu1.3 Ubuntu 20.04 LTS wget 1.20.3-1ubuntu2.1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS wget 1.19.4-1ubuntu2.2+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS wget 1.17.1-1ubuntu1.5+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS wget 1.15-1ubuntu1.14.04.5+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8543-1 CVE-2024-38428, CVE-2026-58469, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472 Package Information: https://launchpad.net/ubuntu/+source/wget/1.25.0-2ubuntu4.2 https://launchpad.net/ubuntu/+source/wget/1.21.4-1ubuntu4.3 https://launchpad.net/ubuntu/+source/wget/1.21.2-2ubuntu1.3 . Several security issues were fixed in Wget affecting multiple Ubuntu versions, including critical flaws that may allow remote code execution.. Wget Updates, Ubuntu Security, Remote Attacks, Code Execution, Denial of Service. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.