Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1,035 articles for you...
202

openSUSE Tomcat11 Moderate Script and Access Issues Vuln 2026-3087-1

An update that solves six vulnerabilities and has one security fix can now be installed.. # Security update for tomcat11 Announcement ID: SUSE-SU-2026:3087-1 Release Date: 2026-07-16T17:56:56Z Rating: moderate References: * bsc#1232390 * bsc#1269791 * bsc#1269824 * bsc#1269907 * bsc#1269908 * bsc#1269909 * bsc#1269910 Cross-References: * CVE-2026-50229 * CVE-2026-53404 * CVE-2026-53434 * CVE-2026-55276 * CVE-2026-55955 * CVE-2026-55956 CVSS scores: * CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-50229 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53404 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53434 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-55276 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55955 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( NVD ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves six vulnerabilities and has one security fix can now be installed. ## Description: This update for tomcat11 fixes the following issues Update to Tomcat 11.0.23. Security issues fixed: * CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791). * CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be skipped if the first condition in an OR chain matched (bsc#1269910). * CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824). * CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints to not be included when the effective web.xml was logged (bsc#1269909). * CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster component (bsc#1269908). * CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint (bsc#1269907). Other updates and bugfixes: * Upgrade libtcnative to v2 (bsc#1232390). * Tomcat 11.0.23: * Catalina * Add: Add support for literal '%' characters in access log output. Based on pull request #1002 by Fabian Hahn. (markt) * Fix: Lower the log level to debug when OpenSSL initialization fails in OpenSSLLifecycleListener to avoid stack traces when libssl.so is not present and to align the behavior of the isAvailable() check with the AprLifecycleListener and gracefully fail when natives are not present. (csutherl) * Fix: 70038: Cookie.clone() should also clone the internal attribute map. (markt) * Code: Remove unnecessary code from the SSI processing engine that was duplicating some of the normalisation checks. (markt) * Fix: Cleaner handling of invalid SPNEGO tokens. (remm) * Fix: Avoid some NPEs in the Connector class on an uninitialize protocol. (remm) * Fix: Incorrect session average life calculation. (remm) * Fix: Improve robustness on using Pipeline.setBasic on a running pipeline. (remm) * Fix: Avoid any init parameter updates when conflicts are found for filters, similar to what is done for servlets, as required by the servlet specification. (remm) * Fix: Fix container event cleanups in some edge cases. (remm) * Fix: Check for last-modified header in ExpiresFilter when a servlet uses addDateHeader to avoid wrongly considering it has been set. (remm) * Fix: Fix hour unit used by ExpiresFilter. (remm) * Fix: Remove exception swallowing in DataSourceStore to align it with FileStore and avoid session loss on errors. (remm) * Fix: Add support for single-quote escaped literal as well as quoted literals in DateFormatCache. (schultz) * Fix: On JAAS logout, clear out role principals on the subject that were added on commit, as recommended by the JAAS specification. (remm) * Fix: MemoryRealm should not add a dummy role when none is specified in the configuration. (remm) * Fix: DataSourceUserDatabase should return a null principal on a non existing user. (remm) * Fix: Fix shared lock expiration in WebDAV. (remm) * Fix: Inaccurate session exipration statistics when using the persistent manager. (remm) * Fix: Skip BOM when serving files with UTF-32 encoding. (remm) * Fix: Mixup of WrapperListener and WrapperLifecycle elements in storeconfig. (remm) * Fix: Incorrect processing of modified users in DataSourceUserDatabase. (remm) * Update: Clarify behavior in the UserDatabase for user, role and group creation that it does not immediately override existing elements. Removal (or update) needs to be used instead. (remm) * Fix: 70049:Align the web application class loader with parent class loaders and swallow any errors caused by invalid paths when looking up resources and behave as if the resources were not found in that case. (markt) * Fix: Improve validation of Range and Content-Range parsers so invalid ranges trigger a 4xx response rather than a 500 response. Pull request #1012 provided by Sahana Surendra Bogar. (markt) * Fix: Fix connection leak in ProxyErrorReportValve. (remm) * Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off rather than true or false to align with httpd. (markt) * Fix: Reset the encoding used for query string parameters between requests in case an application changed the encoding in a previous request. (markt) * Fix: When encoding URLs with the CsrfPreventionFilter, don't add the nonce to URLs that are known not to require it. (markt) * Fix: Fix SSO cookie partitioned configuration. (remm) * Fix: Fix CombinedRealm isAvailable, it allows authentication if at least one sub realm is available. (remm) * Fix: 70048: Correctly handle asynchronous requests in PersistentValve. (markt) * Fix: Improve the detection of cross-context dispatches when using a RequestDispatcher. (markt) * Fix: Fix various instances of double decoding of URL patterns configured either programmatically or in web.xml. (remm/markt) * Fix: Align the rewrite conditions ornext flag processing with mod_rewrite, which follows a purely sequential evaluation strategy. (remm) * Fix: Update default web.xml version to match supported Servlet specification version. (markt) * Fix: Change the default for the useRedirect attribute of the ProxyErrorReportValve from true to false. (markt) * Add: Add support for the showReport attribute in JsonErrorReportValve and ProxyErrorReportValve. When set to false, detailed error information (message, description, stack trace) is suppressed from error responses. (dsoumis) * Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar isremoved but catalina-ha.jar is present and the Cluster element is enabled in server.xml. Cluster digester rules are now fully conditional on both JARs being available. (dsoumis) * Fix: Fix a potential deadlock when copying resources using WebDAV. (markt) * Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list of reserved prefixes for SSI variables and request attributes. (markt) * Fix: Missing URL decoding when processing addMapping on a Servlet registration. (remm) * Fix: The Timeout WebDAV header allows comma separated values (according to the examples in the RFC). Use the first acceptable value. (remm) * Fix: Fix various issues when logging the effective web.xml for a web application. Empty sections are no longer logged. Special roles and empty authorisation constraints are included. All session cookie attributes are included. (markt) * Fix: Expand the write lock for the save process in the MemoryUserDatabase to avoid concurrency issues with the file save operations. (markt) * Fix: Ensure atomic session persistence in FileStore. Based on pull request #1016 by sahvx655-wq. (markt) * Fix: Do not ignore methods configured on security constraints that map to the default servlet. (markt) * Cluster * Fix: Expand wording and increase visibility of log message when cloud membership is configured without a trust store as all certificates will be trusted in this configuration. (markt) * Fix: Ensure listeners are correctly added and removed when configuring the channel coordinator. (markt) * Fix: Fix some concurrency issues in FragmentationInterceptor. (markt) * Fix: Fix some concurrency issues in OrderInterceptor. (markt) * Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt) * Fix: Fix concurrency issues generating MD5 digests in the CloudMembershipProvider implementations. (markt) * Add: Add replay protection to the EncryptInterceptor. This us a breaking change for the EncryptInterceptor.(markt) * Coyote * Add:Log a suitable warning if an encrypted PEM file is detected using an insecure form for encryption. (markt) * Fix: If TLS groups have been configured, use the configured groups rather than using OpenSSL's default TLS groups when using Tomcat Native with OpenSSL based connectors. (markt) * Fix: For HTTP/2, ensure that any in progress request body reads are cancelled if the container resets the associated stream. This prevents delays waiting for reads to time out when it is known that no more data will be received. (markt) * Fix: Ensure that malformed HTTP/2 messages that should trigger a stream reset do so, rather than triggered a connection close. (markt) * Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm) * Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2, following refactor clean-up of header buffer. (remm) * Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm) * Fix: Fix MessageByte.equals if called on a null MB. (remm) * Fix: Call the delegate key manager in JSSE to retrieve the server key. (remm) * Fix: Avoid overflow scenarios in Asn1Parser. (remm) * Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that allows the consistency check for the scheme provided by the user agent to be bypassed. (markt) * Fix: isTrailerFieldsReady was always returning true. (remm) * Fix: Align OpenSSL/Panama TLS implementation with other implementations and throw an exception if there is an error loading the provided CRL(s). (markt) * Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if @STRENGTH was encountered, ignoring any subsequent expressions. (markt) * Fix: Handle the case where the HTTP/2 payload length is insufficient for the mandatory data required by the flags set in the header. (markt) * Fix: 70102: Correct expected size of ticket keys when calling setSessionTicketKeys with an FFM connector. (markt) * Fix: 69988: Fix post handshake authentication for TLS1.3. It was broken by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt) * Fix: When processing an OpenSSL cipher specification, fully align the order of the resulting ciphers with the order produced by OpenSSL. (markt) * Add: Add support for Brainpool TLS groups. Patch provided by YStankov. (schultz) * Update: Update both the minimum and recommended version for Tomcat Native 2.x to 2.0.15. (markt) * Update: Update the minimum version for Tomcat Native 1.x to 1.3.8. (markt) * Jasper * Fix: Fix possible EL argument mismatch when it was set to null. (remm) * Fix: Fix thread safety of TagPluginManager. (remm) * Fix: Correctly use flush on JSP include. (remm) * Web applications * Add: Manager: Add checks to ensure that any uploaded files are uploaded to the expected location. (markt) * Add: Manager: Add checks to ensure that the requested context path for a deployed WAR, directory or descriptor file is valid. (markt) * Add: Documentation: Expand the description of some of the attributes of the CrawlerSessionManagerValve. (markt) * Fix: Documentation: Clearer description and correct documented default for ocspSoftFail. (markt) * Fix: Fix double escaping in the context names for the JSON mode of the manager servlet. (remm) * Fix: Manager: Ensure automatic deployment does not trigger an undeployment during a Manager triggered web application reload. (markt) * Fix: Documentation: Provide better documentation for the scheme and secure attributes of a Connector. (markt) * Websocket * Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm) * Fix: Trigger standard WebSocket error handling if a call to Endpoint.onOpen() fails for a programmatic endpoint. (markt) * Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a programmatic endpoint. Test case provided by uabdur. (markt) * Fix: If a client presents invalid parameters when negotiating a WebSocket extension, decline the negotiation offer thatincludes the invalid parameters rather than failing the connection. Pull request #1019 provided by sahvx655-wq. (markt) * Other * Fix: Use per connection authenticator when executing an Ant task. (remm/markt) * Update: Update Commons Daemon to 1.6.1. (markt) * Fix: Prevent duplicate log messages when clustering JARs are not present on startup. (csutherl) * Update: Improvements to French translations. (remm) * Update: Improvements to Japanese translations provided by tak7iji. (markt) * Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.12. (markt) * Update: Update Tomcat Native to 2.0.15. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-3087=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3087=1 ## Package List: * Web and Scripting Module 15-SP7 (noarch) * tomcat11-11.0.23-150600.13.24.1 * tomcat11-el-6_0-api-11.0.23-150600.13.24.1 * tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1 * tomcat11-lib-11.0.23-150600.13.24.1 * tomcat11-admin-webapps-11.0.23-150600.13.24.1 * tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1 * tomcat11-webapps-11.0.23-150600.13.24.1 * openSUSE Leap 15.6 (noarch) * tomcat11-jsvc-11.0.23-150600.13.24.1 * tomcat11-docs-webapp-11.0.23-150600.13.24.1 * tomcat11-11.0.23-150600.13.24.1 * tomcat11-el-6_0-api-11.0.23-150600.13.24.1 * tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1 * tomcat11-lib-11.0.23-150600.13.24.1 * tomcat11-admin-webapps-11.0.23-150600.13.24.1 * tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1 * tomcat11-webapps-11.0.23-150600.13.24.1 * tomcat11-embed-11.0.23-150600.13.24.1 * tomcat11-doc-11.0.23-150600.13.24.1 ## References: *https://www.suse.com/security/cve/CVE-2026-50229.html * https://www.suse.com/security/cve/CVE-2026-53404.html * https://www.suse.com/security/cve/CVE-2026-53434.html * https://www.suse.com/security/cve/CVE-2026-55276.html * https://www.suse.com/security/cve/CVE-2026-55955.html * https://www.suse.com/security/cve/CVE-2026-55956.html * https://bugzilla.suse.com/show_bug.cgi?id=1232390 * https://bugzilla.suse.com/show_bug.cgi?id=1269791 * https://bugzilla.suse.com/show_bug.cgi?id=1269824 * https://bugzilla.suse.com/show_bug.cgi?id=1269907 * https://bugzilla.suse.com/show_bug.cgi?id=1269908 * https://bugzilla.suse.com/show_bug.cgi?id=1269909 * https://bugzilla.suse.com/show_bug.cgi?id=1269910 . This update fixes six vulnerabilities in Tomcat 11 and includes one security patch. Get the details and patch instructions.. opensuse tomcat11 moderate update security patch. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 moderate OpenSUSE
202

openSUSE Tumbleweed perl-Mojolicious Moderate Security Update 2026-11282-1

An update that solves one vulnerability can now be installed.. # perl-Mojolicious-9.480.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11282-1 Rating: moderate Cross-References: * CVE-2026-15747 CVSS scores: * CVE-2026-15747 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-15747 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the perl-Mojolicious-9.480.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * perl-Mojolicious 9.480.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-15747.html . This advisory informs about a moderate security update for perl-Mojolicious in openSUSE to address a known vulnerability.. perl-Mojolicious update, openSUSE security, CVE-2026-15747. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 moderate OpenSUSE
202

openSUSE libopenbabel8 Moderate Access Control Issue 2026-11259-1

An update that solves one vulnerability can now be installed.. # libopenbabel8-3.2.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:11259-1 Rating: moderate Cross-References: * CVE-2025-10994 CVSS scores: * CVE-2025-10994 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the libopenbabel8-3.2.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * libopenbabel8 3.2.1-1.1 * openbabel 3.2.1-1.1 * openbabel-devel 3.2.1-1.1 * openbabel-gui 3.2.1-1.1 * python3-openbabel 3.2.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10994.html . An update for openSUSE addressing a moderate security issue in libopenbabel, involving CVE-2025-10994, is available now.. openSUSE, libopenbabel, CVE-2025-10994, security update, access control. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 moderate OpenSUSE
89

Fedora 43 ACL Critical Symlink Escalation Fix CVE-2026-54369 CVE-2026-54370

rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-67504c329b 2026-07-13 01:03:16.984286+00:00 -------------------------------------------------------------------------------- Name : acl Product : Fedora 43 Version : 2.4.0 Release : 1.fc43 URL : https://savannah.nongnu.org/projects/acl Summary : Access control list utilities Description : This package contains the getfacl and setfacl utilities needed for manipulating access control lists. -------------------------------------------------------------------------------- Update Information: rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Lukáš Zaoral - 2.4.0-1 - rebase to v2.4.0 to fix the following CVEs: - CVE-2026-54369 - Symlink traversal privilege escalation via libacl functions - CVE-2026-54370 - TOCTOU Symlink Traversal via getfacl/setfacl -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494173 - CVE-2026-54370 acl: TOCTOU Symlink Traversal via getfacl/setfacl [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494173 [ 2 ] Bug #2494174 - CVE-2026-54369 acl: Symlink traversal privilege escalation via libacl functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494174 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-67504c329b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . This advisory reports critical updates for ACL on Fedora 43, addressing symlink traversal risks with CVE-2026-54369 and CVE-2026-54370.. Access Control List, Fedora security, Symlink Escalation, Critical updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 12, 2026 Critical Fedora
202

openSUSE Tumbleweed xorg-x11-server Moderate Threats Advisory 2026-11244-1

An update that solves 2 vulnerabilities can now be installed.. # xorg-x11-server-21.1.21-8.1 on GA media Announcement ID: openSUSE-SU-2026:11244-1 Rating: moderate Cross-References: * CVE-2026-55999 * CVE-2026-56000 CVSS scores: * CVE-2026-55999 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-55999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-56000 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-56000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the xorg-x11-server-21.1.21-8.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * xorg-x11-server 21.1.21-8.1 * xorg-x11-server-Xvfb 21.1.21-8.1 * xorg-x11-server-extra 21.1.21-8.1 * xorg-x11-server-sdk 21.1.21-8.1 * xorg-x11-server-source 21.1.21-8.1 * xorg-x11-server-wrapper 21.1.21-8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55999.html * https://www.suse.com/security/cve/CVE-2026-56000.html . Two vulnerabilities fixed in xorg-x11-server 21.1.21-8.1 on openSUSE Tumbleweed. Updates are now available for installation.. openSUSE Tumbleweed, xorg-x11-server, security fixes. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 12, 2026 moderate OpenSUSE
202

openSUSE python313-openapi-spec-validator Moderate CVE-2017-18342 Advisory

An update that solves one vulnerability can now be installed.. # python313-openapi-spec-validator-0.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11192-1 Rating: moderate Cross-References: * CVE-2017-18342 CVSS scores: * CVE-2017-18342 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python313-openapi-spec-validator-0.9.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python313-openapi-spec-validator 0.9.0-1.1 * python314-openapi-spec-validator 0.9.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2017-18342.html . An update for openSUSE Tumbleweed addresses a moderate severity issue in python313-openapi-spec-validator. Learn more!. openSUSE Update, Python Spec Validator, CVE-2017-18342, Security Fixes, Linux Updates. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 moderate OpenSUSE
89

Fedora 44 python-streamlink Important Local File Read Fix CVE-2026-44353

streamlink 8.4.0 (2026-05-06) SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH (CVE-2026-44353 / GHSA-hgqw-6m45-hw5f) Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH segments to the output stream without any checks (#6896). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b9232006bb 2026-07-05 01:07:02.694144+00:00 -------------------------------------------------------------------------------- Name : python-streamlink Product : Fedora 44 Version : 8.4.0 Release : 1.fc44 URL : https://streamlink.github.io Summary : Python library for extracting streams from various websites Description : Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available for developers who want access to the video stream data. This project was forked from Livestreamer, which is no longer maintained. -------------------------------------------------------------------------------- Update Information: streamlink 8.4.0 (2026-05-06) SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH (CVE-2026-44353 / GHSA-hgqw-6m45-hw5f) Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH segments to the output stream without any checks (#6896) Fixed: --interface selection by name on macOS (#6908) Fixed: --interface not being applied to adapters mounted after session init (#6915) Updated plugins: goltelevision: rewritten and fixed plugin (#6916) twitcasting: improved ad segment filtering (#6910) Full changelog streamlink 8.3.0 (2026-04-10) Added: support for choosing the --interface by name on non-Windows systems, with optional prefixes, similar to curl (#6862) Added: support foralso checking stream segments in HLSStream.parse_variant_playlist() by setting check_streams="segments" (#6878) Fixed: stdout/stderr streams in ProcessOutput not being fully line-buffered (#6868) Updated plugins: cdnbg: rewritten and fixed plugin (#6890) nicolive: added websocket reconnect attempts on HLS decryption key retrieval failure (#6871) soop: migrated to sooplive.com (#6876) telefe: rewritten and fixed plugin (#6891) Full changelog -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 25 2026 Mohamed El Morabity - 8.4.0-1 - Update to 8.4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2457332 - python-streamlink-8.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2457332 [ 2 ] Bug #2458672 - python-streamlink fails to build with Python 3.15: test_help_color: TypeError: TestPrint._color. . () got an unexpected keyword argument 'file' https://bugzilla.redhat.com/show_bug.cgi?id=2458672 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b9232006bb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Streamlink 8.4.0 update addresses a critical local file read issue. Upgrade now for enhanced security and functionality.. ssstreamlink security patch, arbitrary file access fix, python-streamlink vulnerability, fedora package update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 04, 2026 Important Fedora
100

SUSE Firewalld-Legacy Moderate Local Access Management Patch 2026-2745-1

An update that solves one vulnerability can now be installed.. # Security update for firewalld-legacy Announcement ID: SUSE-SU-2026:2745-1 Release Date: 2026-07-03T11:34:34Z Rating: moderate References: * bsc#1260903 Cross-References: * CVE-2026-4948 CVSS scores: * CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for firewalld-legacy fixes the following issue * CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations (bsc#1260903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2745=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2745=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2745=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2745=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2745=1 ## Package List: * openSUSE Leap 15.6 (noarch) * firewall-applet-1.3.4-150600.13.6.1 * firewalld-1.3.4-150600.13.6.1 *firewalld-lang-1.3.4-150600.13.6.1 * firewall-macros-1.3.4-150600.13.6.1 * python311-firewall-1.3.4-150600.13.6.1 * firewall-config-1.3.4-150600.13.6.1 * firewalld-test-1.3.4-150600.13.6.1 * python3-firewall-1.3.4-150600.13.6.1 * firewalld-zsh-completion-1.3.4-150600.13.6.1 * firewalld-bash-completion-1.3.4-150600.13.6.1 * Basesystem Module 15-SP7 (noarch) * firewalld-1.3.4-150600.13.6.1 * firewalld-lang-1.3.4-150600.13.6.1 * python3-firewall-1.3.4-150600.13.6.1 * firewalld-zsh-completion-1.3.4-150600.13.6.1 * firewalld-bash-completion-1.3.4-150600.13.6.1 * Desktop Applications Module 15-SP7 (noarch) * firewall-applet-1.3.4-150600.13.6.1 * firewall-config-1.3.4-150600.13.6.1 * Python 3 Module 15-SP7 (noarch) * python311-firewall-1.3.4-150600.13.6.1 * Development Tools Module 15-SP7 (noarch) * firewall-macros-1.3.4-150600.13.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4948.html * https://bugzilla.suse.com/show_bug.cgi?id=1260903 . SUSE security update fixes a moderate issue in firewalld-legacy affecting local user access control.. SUSE firewalld security update, access control issue, local privilege escalation, security patch, SUSE advisories. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 moderate SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200