Important: openexr security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:15887", "synopsis": "Important: openexr security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for openexr.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.\n\nSecurity Fix(es):\n\n* OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file (CVE-2026-34588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2455408", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2455408", "description": ""}], "cves": [{"name": "CVE-2026-34588", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34588", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-05-13T12:03:42.485295Z", "rpms": {"Rocky Linux 9": {"nvras": ["openexr-0:3.1.1-3.el9_7.2.aarch64.rpm", "openexr-0:3.1.1-3.el9_7.2.ppc64le.rpm", "openexr-0:3.1.1-3.el9_7.2.s390x.rpm", "openexr-0:3.1.1-3.el9_7.2.src.rpm", "openexr-0:3.1.1-3.el9_7.2.x86_64.rpm", "openexr-debuginfo-0:3.1.1-3.el9_7.2.aarch64.rpm", "openexr-debuginfo-0:3.1.1-3.el9_7.2.i686.rpm", "openexr-debuginfo-0:3.1.1-3.el9_7.2.ppc64le.rpm", 
"openexr-debuginfo-0:3.1.1-3.el9_7.2.s390x.rpm","openexr-debuginfo-0:3.1.1-3.el9_7.2.x86_64.rpm", "openexr-debugsource-0:3.1.1-3.el9_7.2.aarch64.rpm", "openexr-debugsource-0:3.1.1-3.el9_7.2.i686.rpm", "openexr-debugsource-0:3.1.1-3.el9_7.2.ppc64le.rpm", "openexr-debugsource-0:3.1.1-3.el9_7.2.s390x.rpm", "openexr-debugsource-0:3.1.1-3.el9_7.2.x86_64.rpm", "openexr-devel-0:3.1.1-3.el9_7.2.aarch64.rpm", "openexr-devel-0:3.1.1-3.el9_7.2.i686.rpm", "openexr-devel-0:3.1.1-3.el9_7.2.ppc64le.rpm", "openexr-devel-0:3.1.1-3.el9_7.2.s390x.rpm", "openexr-devel-0:3.1.1-3.el9_7.2.x86_64.rpm", "openexr-libs-0:3.1.1-3.el9_7.2.aarch64.rpm", "openexr-libs-0:3.1.1-3.el9_7.2.i686.rpm", "openexr-libs-0:3.1.1-3.el9_7.2.ppc64le.rpm", "openexr-libs-0:3.1.1-3.el9_7.2.s390x.rpm", "openexr-libs-0:3.1.1-3.el9_7.2.x86_64.rpm", "openexr-libs-debuginfo-0:3.1.1-3.el9_7.2.aarch64.rpm", "openexr-libs-debuginfo-0:3.1.1-3.el9_7.2.i686.rpm", "openexr-libs-debuginfo-0:3.1.1-3.el9_7.2.ppc64le.rpm", "openexr-libs-debuginfo-0:3.1.1-3.el9_7.2.s390x.rpm", "openexr-libs-debuginfo-0:3.1.1-3.el9_7.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. OpenEXR security update for Rocky Linux 9 addresses arbitrary code execution vulnerabilities. Update recommended for users.. OpenEXR update, Rocky Linux security, arbitrary code execution, security advisory, vulnerability management. . Severity: Important. LinuxSecurity.com Team
Important: PackageKit security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:11635", "synopsis": "Important: PackageKit security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for PackageKit.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.\n\nSecurity Fix(es):\n\n* PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2460604", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460604", "description": ""}], "cves": [{"name": "CVE-2026-41651", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41651", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-367"}], "references": [], "publishedAt": "2026-04-30T18:01:05.380956Z", "rpms": {"Rocky Linux 8": {"nvras": ["PackageKit-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-0:1.1.12-8.el8_10.src.rpm", "PackageKit-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-command-not-found-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-command-not-found-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-command-not-found-debuginfo-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-command-not-found-debuginfo-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-cron-0:1.1.12-8.el8_10.aarch64.rpm", 
"PackageKit-cron-0:1.1.12-8.el8_10.x86_64.rpm","PackageKit-debuginfo-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-debuginfo-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-debuginfo-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-debugsource-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-debugsource-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-debugsource-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-glib-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-glib-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-glib-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-glib-debuginfo-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-glib-debuginfo-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-glib-debuginfo-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-glib-devel-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-glib-devel-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-glib-devel-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-gstreamer-plugin-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-gstreamer-plugin-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-gstreamer-plugin-debuginfo-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-gstreamer-plugin-debuginfo-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-gtk3-module-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-gtk3-module-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-gtk3-module-0:1.1.12-8.el8_10.x86_64.rpm", "PackageKit-gtk3-module-debuginfo-0:1.1.12-8.el8_10.aarch64.rpm", "PackageKit-gtk3-module-debuginfo-0:1.1.12-8.el8_10.i686.rpm", "PackageKit-gtk3-module-debuginfo-0:1.1.12-8.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update for PackageKit resolves an arbitrary installation threat in Rocky Linux 8. A must-read advisory.. PackageKit security update, Rocky Linux 8, CVSS score, security threat. . Severity: Important. LinuxSecurity.com Team
Important: vim security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:11509", "synopsis": "Important: vim security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for vim.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2455400", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400", "description": ""}], "cves": [{"name": "CVE-2026-34982", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34982", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-04-30T18:00:45.302131Z", "rpms": {"Rocky Linux 8": {"nvras": ["vim-2:8.0.1763-22.el8_10.3.src.rpm", "vim-common-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-common-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-common-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-common-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-debugsource-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-debugsource-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-enhanced-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-enhanced-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-enhanced-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", 
"vim-enhanced-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm","vim-filesystem-2:8.0.1763-22.el8_10.3.noarch.rpm", "vim-minimal-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-minimal-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-minimal-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-minimal-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-X11-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-X11-2:8.0.1763-22.el8_10.3.x86_64.rpm", "vim-X11-debuginfo-2:8.0.1763-22.el8_10.3.aarch64.rpm", "vim-X11-debuginfo-2:8.0.1763-22.el8_10.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important vim security update available for Rocky Linux 8 addressing a command execution issue. Update recommended for safety.. vim security update, Rocky Linux advisory, command execution threat. . Severity: Important. LinuxSecurity.com Team
Important: vim security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:11510", "synopsis": "Important: vim security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for vim.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2455400", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400", "description": ""}], "cves": [{"name": "CVE-2026-34982", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34982", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-04-30T12:03:33.126838Z", "rpms": {"Rocky Linux 9": {"nvras": ["vim-2:8.2.2637-23.el9_7.3.src.rpm", "vim-common-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-common-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-common-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-common-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-common-debuginfo-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-common-debuginfo-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-common-debuginfo-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-common-debuginfo-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-debuginfo-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-debuginfo-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-debuginfo-2:8.2.2637-23.el9_7.3.s390x.rpm", 
"vim-debuginfo-2:8.2.2637-23.el9_7.3.x86_64.rpm","vim-debugsource-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-debugsource-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-debugsource-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-debugsource-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-enhanced-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-enhanced-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-enhanced-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-enhanced-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-enhanced-debuginfo-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-enhanced-debuginfo-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-enhanced-debuginfo-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-enhanced-debuginfo-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-filesystem-2:8.2.2637-23.el9_7.3.noarch.rpm", "vim-minimal-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-minimal-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-minimal-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-minimal-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-minimal-debuginfo-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-minimal-debuginfo-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-minimal-debuginfo-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-minimal-debuginfo-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-X11-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-X11-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-X11-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-X11-2:8.2.2637-23.el9_7.3.x86_64.rpm", "vim-X11-debuginfo-2:8.2.2637-23.el9_7.3.aarch64.rpm", "vim-X11-debuginfo-2:8.2.2637-23.el9_7.3.ppc64le.rpm", "vim-X11-debuginfo-2:8.2.2637-23.el9_7.3.s390x.rpm", "vim-X11-debuginfo-2:8.2.2637-23.el9_7.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Vim security update for Rocky Linux 9 addressing significant command execution risks. Ensure your systems are protected!. Rocky Linux 9,Vim security update,command execution risk. . Severity: Important. LinuxSecurity.com Team
Update goose to fix fedora#2449678.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6ff3ef2d32
2026-04-25 01:21:36.171379+00:00
--------------------------------------------------------------------------------

Name        : goose
Product     : Fedora 44
Version     : 1.23.2
Release     : 8.fc44
URL         : https://github.com/block/goose
Summary     : Extensible AI agent client
Description :
Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously. Whether you're prototyping an idea, refining existing code, or managing intricate engineering pipelines, goose adapts to your workflow and executes tasks with precision. Designed for maximum flexibility, goose works with any LLM and supports multi-model configuration to optimize performance and cost, seamlessly integrates with MCP servers, and is available as both a desktop app as well as CLI - making it the ultimate AI assistant for developers who want to move faster and focus on innovation.

--------------------------------------------------------------------------------
Update Information:

Update goose to fix fedora#2449678
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Manuel Moran - 1.23.2-8
- [skip changelog] Fix gating
* Fri Mar 27 2026 Martin Litwora - 1.23.2-7
- Change the test plan URL to point directly to centos-stream test repository
* Thu Mar 26 2026 Sam Doran - 1.23.2-6
- Fix CVE-2026-33056 for tar dependency
* Wed Mar 25 2026 Sam Doran - 1.23.2-5
- Raise recursion limit on server_test.rs
* Tue Mar 24 2026 Sam Doran - 1.23.2-4
- Add basic goose config
* Mon Mar 23 2026 Manuel Moran - 1.23.2-3
- Add gating
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2449678 - CVE-2026-33056 goose: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449678
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6ff3ef2d32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update goose to fix fedora#2449678.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a45f438402
2026-04-08 00:52:24.173289+00:00
--------------------------------------------------------------------------------

Name        : goose
Product     : Fedora 43
Version     : 1.23.2
Release     : 7.fc43
URL         : https://github.com/aaif-goose/goose
Summary     : Extensible AI agent client
Description :
Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously. Whether you're prototyping an idea, refining existing code, or managing intricate engineering pipelines, goose adapts to your workflow and executes tasks with precision. Designed for maximum flexibility, goose works with any LLM and supports multi-model configuration to optimize performance and cost, seamlessly integrates with MCP servers, and is available as both a desktop app as well as CLI - making it the ultimate AI assistant for developers who want to move faster and focus on innovation.

--------------------------------------------------------------------------------
Update Information:

Update goose to fix fedora#2449678
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Manuel Moran - 1.23.2-7
- [skip changelog] Fix gating
* Fri Mar 27 2026 Martin Litwora - 1.23.2-6
- Change the test plan URL to point directly to centos-stream test repository
* Fri Mar 27 2026 Sam Doran - 1.23.2-5
- Fix CVE-2026-33056 for tar dependency
* Thu Mar 26 2026 Sam Doran - 1.23.2-4
- Raise recursion limit on server_test.rs
* Mon Mar 23 2026 Manuel Moran - 1.23.2-3
- Add gating
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2449678 - CVE-2026-33056 goose: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449678
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a45f438402' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Moderate: vim security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4715", "synopsis": "Moderate: vim security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for vim.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: Vim: Arbitrary code execution via 'helpfile' option processing (CVE-2026-25749)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2437843", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2437843", "description": ""}], "cves": [{"name": "CVE-2026-25749", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-25749", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.3", "cwe": "CWE-120"}], "references": [], "publishedAt": "2026-03-27T12:07:50.770013Z", "rpms": {"Rocky Linux 10": {"nvras": ["xxd-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.x86_64.rpm", "xxd-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "xxd-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.ppc64le.rpm", "xxd-2:9.1.083-6.el10_1.1.s390x.rpm", 
"vim-X11-2:9.1.083-6.el10_1.1.ppc64le.rpm","vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "xxd-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-X11-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-common-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-data-2:9.1.083-6.el10_1.1.noarch.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-2:9.1.083-6.el10_1.1.src.rpm", "vim-filesystem-2:9.1.083-6.el10_1.1.noarch.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.x86_64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-X11-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.aarch64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-common-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-common-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-common-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-X11-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate security update for vim on Rocky Linux 10 fixes arbitrary code execution issue with CVE-2026-25749. Protect your system!. Rocky Linux, security update, vim, arbitrary code execution. . LinuxSecurity.com Team
Important: postgresql:12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4064", "synopsis": "Important: postgresql:12 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for pg_repack, pgaudit, module.postgres-decoderbufs, module.pgaudit, module.pg_repack, postgres-decoderbufs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n\n* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n\n* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2439324", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2439324", "description": ""}, {"ticket": "2439325", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2439325", "description": ""}, {"ticket": "2439326", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2439326", "description": ""}], "cves": [{"name": "CVE-2026-2004", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2004", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-1287"}, {"name": "CVE-2026-2005", "sourceBy": "MITRE", "sourceLink": 
"https://www.cve.org/CVERecord?id=CVE-2026-2005", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-2006", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2006", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-1285"}], "references": [], "publishedAt": "2026-03-09T18:01:13.830662Z", "rpms": {"Rocky Linux 8": {"nvras": ["pgaudit-0:1.4.0-7.module+el8.9.0+1735+a332307b.aarch64.rpm", "pgaudit-0:1.4.0-7.module+el8.9.0+1735+a332307b.src.rpm", "pgaudit-0:1.4.0-7.module+el8.9.0+1735+a332307b.x86_64.rpm", "pgaudit-debuginfo-0:1.4.0-7.module+el8.9.0+1735+a332307b.aarch64.rpm", "pgaudit-debuginfo-0:1.4.0-7.module+el8.9.0+1735+a332307b.x86_64.rpm", "pgaudit-debugsource-0:1.4.0-7.module+el8.9.0+1735+a332307b.aarch64.rpm", "pgaudit-debugsource-0:1.4.0-7.module+el8.9.0+1735+a332307b.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.src.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.src.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.src.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.src.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", 
"pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1603+444d1b54.x86_64.rpm","pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1603+444d1b54.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", 
"postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm","postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1603+444d1b54.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1603+444d1b54.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical PostgreSQL updates for Rocky Linux address multiple security concerns with important risks. Immediate action advised.. PostgreSQL security update Rock Linux vulnerabilities code execution. . Severity: Important. LinuxSecurity.com Team