Explore top 10 tips to secure your open-source projects now. Read More
×Important: python3.12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39893", "synopsis": "Important: python3.12 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for python3.12.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations (CVE-2026-15308)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2498608", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2498608", "description": ""}], "cves": [{"name": "CVE-2026-15308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-15308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-835"}], "references": [], "publishedAt": "2026-07-16T00:01:09.519027Z", "rpms": {"Rocky Linux 8": {"nvras": ["python3.12-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-0:3.12.13-3.el8_10.i686.rpm", "python3.12-0:3.12.13-3.el8_10.src.rpm", "python3.12-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-debug-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-debug-0:3.12.13-3.el8_10.i686.rpm", "python3.12-debug-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-debuginfo-0:3.12.13-3.el8_10.aarch64.rpm","python3.12-debuginfo-0:3.12.13-3.el8_10.i686.rpm", "python3.12-debuginfo-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-debugsource-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-debugsource-0:3.12.13-3.el8_10.i686.rpm", "python3.12-debugsource-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-devel-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-devel-0:3.12.13-3.el8_10.i686.rpm", "python3.12-devel-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-idle-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-idle-0:3.12.13-3.el8_10.i686.rpm", "python3.12-idle-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-libs-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-libs-0:3.12.13-3.el8_10.i686.rpm", "python3.12-libs-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-rpm-macros-0:3.12.13-3.el8_10.noarch.rpm", "python3.12-test-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-test-0:3.12.13-3.el8_10.i686.rpm", "python3.12-test-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-tkinter-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-tkinter-0:3.12.13-3.el8_10.i686.rpm", "python3.12-tkinter-0:3.12.13-3.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for python3.12 in Rocky Linux addresses a denial of service issue. Update recommended.. Rocky Linux, python3.12, Denial Of Service, Important Security, Update. . Severity: Important. LinuxSecurity.com Team
Important: nodejs:24 security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39868", "synopsis": "Important: nodejs:24 security, bug fix, and enhancement update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification(CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:24/nodejs: Rebase to the latest Node.js 24 release [rhel-8] (JIRA:Rocky Linux-168744)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2476810", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810", "description": ""}, {"ticket": "2489980", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980", "description": ""}, {"ticket": "2490000", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000", "description": ""}, {"ticket": "2490006", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006", "description": ""}, {"ticket": "2490008", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008", "description": ""}, {"ticket": "2490018", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018", "description": ""}, {"ticket": "2490024", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024", "description": ""}, {"ticket": "2493325", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325", "description": ""}, {"ticket": "2493326", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326", "description": ""}, {"ticket": "2493329", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2493329", "description": ""}, {"ticket": "2493331", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331", "description": ""}, {"ticket": "2493332", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332", "description": ""}, {"ticket": "2493333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333", "description": ""}, {"ticket": "2493335", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335", "description": ""}, {"ticket": "2493337", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337", "description": ""}], "cves": [{"name": "CVE-2026-11525", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11525", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-1286"}, {"name": "CVE-2026-12151", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12151", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-42338", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42338", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss3BaseScore": "8.1", "cwe": "CWE-79"}, {"name": "CVE-2026-48615", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48615", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-209"}, {"name": "CVE-2026-48618", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48618", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss3BaseScore": "7.7", "cwe": "CWE-289"}, {"name": "CVE-2026-48619", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48619", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-770"}, {"name": "CVE-2026-48928", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48928", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss3BaseScore": "4.2", "cwe": "CWE-289"}, {"name": "CVE-2026-48930", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48930", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-170"}, {"name": "CVE-2026-48933", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48933", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-48934", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48934", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-295"}, {"name": "CVE-2026-48935", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48935", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.3", "cwe": "CWE-279"}, {"name": "CVE-2026-6733", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6733", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-940"}, {"name": "CVE-2026-6734", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6734", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-940"}, {"name": "CVE-2026-9678", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9678", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-1286"}, {"name": "CVE-2026-9697", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9697", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.4", "cwe": "CWE-295"}], "references": [], "publishedAt": "2026-07-16T00:01:09.519027Z", "rpms": {"Rocky Linux 8": {"nvras": ["nodejs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.src.rpm", "nodejs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-debugsource-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-debugsource-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-devel-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-devel-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-docs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.noarch.rpm", "nodejs-full-i18n-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-full-i18n-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-libs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-libs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-libs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-libs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+2084+ab509703.noarch.rpm", "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+2084+ab509703.src.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40172+38f6fdd1.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40171+8fa9c325.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40171+8fa9c325.src.rpm","nodejs-packaging-0:2021.06-6.module+el8.10.0+40172+38f6fdd1.src.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.src.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40171+8fa9c325.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40172+38f6fdd1.noarch.rpm", "npm-1:11.16.0-1.24.18.0.1.module+el8.10.0+40252+a58646bc.noarch.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el8.10.0+40252+a58646bc.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical security updates for nodejs on Rocky Linux 8 resolve multiple issues including Denial of Service and XSS vulnerabilities. Prompt action recommended.. Rocky Linux nodejs security update, security advisories nodejs, nodejs vulnerabilities details, Rockylinux security fixes. . Severity: Important. LinuxSecurity.com Team
Important: perl-XML-LibXML security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39878", "synopsis": "Important: perl-XML-LibXML security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-XML-LibXML.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This module implements a Perl interface to the GNOME libxml2 library which provides interfaces for parsing and manipulating XML files. This module allows Perl programmers to make use of the highly capable validating XML parser and the high performance DOM implementation.\n\nSecurity Fix(es):\n\n* perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names (CVE-2026-8177)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468684", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468684", "description": ""}], "cves": [{"name": "CVE-2026-8177", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8177", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-125"}], "references": [], "publishedAt": "2026-07-16T00:01:09.519027Z", "rpms": {"Rocky Linux 8": {"nvras": ["perl-XML-LibXML-1:2.0132-3.el8_10.aarch64.rpm", "perl-XML-LibXML-1:2.0132-3.el8_10.src.rpm", "perl-XML-LibXML-1:2.0132-3.el8_10.x86_64.rpm", "perl-XML-LibXML-debuginfo-1:2.0132-3.el8_10.aarch64.rpm", "perl-XML-LibXML-debuginfo-1:2.0132-3.el8_10.x86_64.rpm", "perl-XML-LibXML-debugsource-1:2.0132-3.el8_10.aarch64.rpm", "perl-XML-LibXML-debugsource-1:2.0132-3.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}.A crucial security update is released for perl-XML-LibXML on Rocky Linux addressing denial of service issues.. Rocky Linux perl-XML-LibXML security Denial of Service. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in .NET.. ========================================================================== Ubuntu Security Notice USN-8553-1 July 15, 2026 dotnet8, dotnet10 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in .NET. Software Description: - dotnet10: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime Details: Artur Stetsko discovered that the .NET did not properly validate authentication data. An attacker could possibly use this issue to elevate privileges. (CVE-2026-47300) Levi Broderick discovered that .NET did not properly handle XML encryption during parsing. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-47302) Pham Quang Minh discovered that .NET did not properly parse authentication data. An attacker could possibly use this issue to bypass authentication and elevate privileges. (CVE-2026-47303) Levi Broderick discovered that .NET did not properly verify cryptographic signatures during XML encryption. An attacker could possibly use this issue to bypass security features over a network and access encrypted data. (CVE-2026-47304) It was discovered that .NET did not properly validate input during TLS handshakes. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50524) Levi Broderick discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50525) Siwei Li discovered that .NET did not properly handle link resolution before file access during the container image build process. A local attacker could possibly use this issue to inject resources that could be incorporatedinto container images built by other users on the same machine. (CVE-2026-50526) Levi Broderick discovered that .NET did not properly handle memory while performing XML encryption. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50527) Henrique Pereira discovered that .NET did not properly handle authorization checks during TLS/SSL connections. An attacker could possibly use this issue to bypass authorization checks during secure communications. (CVE-2026-50528) It was discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50648) Miha Zupan discovered that .NET did not properly limit resource allocation when handling HTTP/2 requests. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50651) It was discovered that the .NET SMTP client did not properly handle the encoding or escaping of output. An attacker could possibly use this issue to spoof messages during message routing. (CVE-2026-50659) It was discovered that .NET did not properly validate resource types when parsing X.509 certificates. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-57108) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS aspnetcore-runtime-10.0 10.0.10-0ubuntu1~26.04.1 dotnet-host-10.0 10.0.10-0ubuntu1~26.04.1 dotnet-hostfxr-10.0 10.0.10-0ubuntu1~26.04.1 dotnet-runtime-10.0 10.0.10-0ubuntu1~26.04.1 dotnet-sdk-10.0 10.0.110-0ubuntu1~26.04.1 dotnet-sdk-aot-10.0 10.0.110-0ubuntu1~26.04.1 dotnet10 10.0.110-10.0.10-0ubuntu1~26.04.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.10-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.29-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.10-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.29-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.10-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.29-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.10-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.29-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.110-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.129-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.110-0ubuntu1~24.04.1 dotnet10 10.0.110-10.0.10-0ubuntu1~24.04.1 dotnet8 8.0.129-8.0.29-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.29-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.29-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.29-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.29-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.129-0ubuntu1~22.04.1 dotnet8 8.0.129-8.0.29-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8553-1 CVE-2026-47300, CVE-2026-47302, CVE-2026-47303, CVE-2026-47304, CVE-2026-50524, CVE-2026-50525, CVE-2026-50526, CVE-2026-50527, CVE-2026-50528, CVE-2026-50648, CVE-2026-50651, CVE-2026-50659, CVE-2026-57108 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.110-10.0.10-0ubuntu1~26.04.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.110-10.0.10-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.129-8.0.29-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.129-8.0.29-0ubuntu1~22.04.1 . Multiple security issues addressed in .NET affecting Ubuntu distributions. Immediate updates recommended for safety.. Ubuntu Security, .NET Update, Privilege Escalation, Denial of Service, Security Fixes. . Severity: Important. LinuxSecurity.com Team
Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release. If you like xrdp, please consider sponsoring or donating to the project. We. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-bd0a75766f 2026-07-16 01:28:35.510767+00:00 -------------------------------------------------------------------------------- Name : xrdp Product : Fedora 43 Version : 0.10.6.1 Release : 1.fc43 URL : http://www.xrdp.org/ Summary : Open source remote desktop protocol (RDP) server Description : xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client. -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.10.6.1 (2026/07/06) General announcements This release fixes 10 vulnerabilities and 1 regression introduced by a vulnerability fix in the previous release. If you like xrdp, please consider sponsoring or donating to the project. We accept financial contributions through Open Collective, and direct donations to individual developers via GitHub Sponsors are also welcome. Security fixes CVE-2026-41252 CVE-2026-41521 CVE-2026-44178 CVE-2026-42218 CVE-2026-44978 CVE-2026-54538 CVE-2026-55238 CVE-2026-55626 CVE-2026-55639 CVE-2026-55645 New features None Bug fixes regression: Fix SEGV in xrdp when running over TLS (#3793) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Bojan Smojver - 1:0.10.6.1-1 - Update to 0.10.6.1 - CVE-2026-41252, CVE-2026-41521, CVE-2026-44178, CVE-2026-42218 - CVE-2026-44978, CVE-2026-54538, CVE-2026-55238, CVE-2026-55626 - CVE-2026-55639, CVE-2026-55645 * Sat Jun 13 2026 Yaakov Selkowitz - 1:0.10.6-3 - Rebuilt for openssl4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bd0a75766f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
1.033 - CVE-2026-14454: Fix mishandling of large EXIF IFD entry count values — treated as negative numbers, could lead to allocation failure and program exit - JPEG: depend on Imager 1.033 for the EXIF fix - Fix thread context object reference count leak in bumpmap and bumpmap_complex. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-38f958d25a 2026-07-16 01:28:35.510772+00:00 -------------------------------------------------------------------------------- Name : perl-Imager Product : Fedora 43 Version : 1.033 Release : 1.fc43 URL : https://metacpan.org/release/Imager Summary : Perl extension for Generating 24 bit Images Description : Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more. -------------------------------------------------------------------------------- Update Information: 1.033 - CVE-2026-14454: Fix mishandling of large EXIF IFD entry count values — treated as negative numbers, could lead to allocation failure and program exit - JPEG: depend on Imager 1.033 for the EXIF fix - Fix thread context object reference count leak in bumpmap and bumpmap_complex filters - TIFF: fix a leak from processing the TIFF warnings buffer (introduced in Imager 1.021) -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Jitka Plesnikova - 1.033-1 - 1.033 bump (rhbz#2497664) - Fix CVE-2026-14454 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497664 - perl-Imager-1.033 is available https://bugzilla.redhat.com/show_bug.cgi?id=2497664 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2026-38f958d25a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical fix for perl-Imager on Fedora addressing EXIF mishandling, memory leaks and allocation issues. Install promptly.. perl Imager, Fedora security fix, image processing module, EXIF handling issue. . Severity: Critical. LinuxSecurity.com Team
Update PyO3 to 0.29; addresses RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-31ec71cf0b 2026-07-16 01:28:35.510742+00:00 -------------------------------------------------------------------------------- Name : python-bcrypt Product : Fedora 43 Version : 4.3.0 Release : 14.fc43 URL : https://pypi.python.org/pypi/bcrypt Summary : Modern password hashing for your software and your servers Description : Modern password hashing for your software and your servers. -------------------------------------------------------------------------------- Update Information: Update PyO3 to 0.29; addresses RUSTSEC-2026-0176 and RUSTSEC-2026-0177 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 7 2026 Benjamin A. Beasley - 4.3.0-14 - Update PyO3 to 0.29; addresses RUSTSEC-2026-0176 and RUSTSEC-2026-0177 * Tue Jul 7 2026 Benjamin A. Beasley - 4.3.0-13 - Replace BuildRequires: rust-packaging with cargo-rpm-macros * Tue Jul 7 2026 Benjamin A. Beasley - 4.3.0-12 - Drop manual BuildRequires on python3-devel * Tue Jul 7 2026 Benjamin A. Beasley - 4.3.0-10 - Switch URL from HTTP to HTTPS * Wed Jun 3 2026 Python Maint - 4.3.0-8 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 4.3.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-31ec71cf0b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to upstream release 0.13.0; update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8abedbcc4f 2026-07-16 01:28:35.510726+00:00 -------------------------------------------------------------------------------- Name : python-tiktoken Product : Fedora 43 Version : 0.13.0 Release : 2.fc43 URL : https://pypi.org/project/tiktoken/ Summary : tiktoken is a fast BPE tokeniser for use with OpenAI's models Description : tiktoken is a fast BPE tokeniser for use with OpenAI's models. -------------------------------------------------------------------------------- Update Information: Update to upstream release 0.13.0; update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 6 2026 Benjamin A. Beasley - 0.13.0-2 - Update PyO3 to 0.29 - Fixes RUSTSEC-2026-0176 and RUSTSEC-2026-0177 * Mon Jul 6 2026 Benjamin A. Beasley - 0.13.0-1 - Update to 0.13.0 (close RHBZ#2477785) * Mon Jul 6 2026 Benjamin A. Beasley - 0.12.0-6 - Add a comment to justify not running the tests * Mon Jul 6 2026 Benjamin A. Beasley - 0.12.0-5 - Avoid installing duplicate license files * Mon Jul 6 2026 Benjamin A. Beasley - 0.12.0-4 - Improve/simplify handling of Rust dependency licenses * Wed Jun 3 2026 Python Maint - 0.12.0-3 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 0.12.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Oct 7 2025 Lumir Balhar - 0.12.0-1 - Update to 0.12.0 (rhbz#2402015) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477785 - python-tiktoken-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2477785 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8abedbcc4f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.