Explore top 10 tips to secure your open-source projects now. Read More
×Moderate: ctags security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:2863", "synopsis": "Moderate: ctags security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for ctags.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Ctags is a C programming language indexing and cross-reference tool.\n\nSecurity Fix(es):\n\n* ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2153519", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2153519", "description": ""}], "cves": [{"name": "CVE-2022-4515", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4515", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-06-25T12:01:05.792943Z", "rpms": {"Rocky Linux 8": {"nvras": ["ctags-0:5.8-23.el8.aarch64.rpm", "ctags-0:5.8-23.el8.src.rpm", "ctags-0:5.8-23.el8.x86_64.rpm", "ctags-debuginfo-0:5.8-23.el8.aarch64.rpm", "ctags-debuginfo-0:5.8-23.el8.x86_64.rpm", "ctags-debugsource-0:5.8-23.el8.aarch64.rpm", "ctags-debugsource-0:5.8-23.el8.x86_64.rpm", "ctags-etags-0:5.8-23.el8.aarch64.rpm", "ctags-etags-0:5.8-23.el8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Ctags security update for Rocky Linux 8 addresses moderate flaws, includes CVE-2022-4515 affecting command execution..ctags security update,Rocky Linux security,command execution flaw,security advisory,moderate vulnerability. . Severity: moderate. LinuxSecurity.com Team
A flaw was discovered in libhttp-daemon-perl, a simple http server class for Perl, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted input. For Debian 11 bullseye, this problem has been fixed in version 6.12-1+deb11u2.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4639-1
A flaw was discovered in libgd-perl, a Perl module wrapper for libgd, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted file names. For the stable distribution (trixie), this problem has been fixed in version 2.78-1+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6345-1
Update to 2.94.0 Update to 2.93.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f07b3548d4 2026-06-15 00:48:35.285184+00:00 -------------------------------------------------------------------------------- Name : gh Product : Fedora 44 Version : 2.94.0 Release : 1.fc44 URL : https://github.com/cli/cli Summary : GitHub's official command line tool Description : A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to switch between your terminal and the GitHub website. -------------------------------------------------------------------------------- Update Information: Update to 2.94.0 Update to 2.93.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Packit - 2.94.0-1 - Update to 2.94.0 upstream release - Resolves: rhbz#2487830 * Thu May 28 2026 Maxwell G - 2.93.0-1 - Update to 2.93.0. Fixes rhbz#2482337. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483739 - CVE-2026-45803 gh: GitHub CLI: Arbitrary command execution via terminal escape sequence injection in workflow logs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2483739 [ 2 ] Bug #2486218 - CVE-2026-45287 gh: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486218 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f07b3548d4' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Automatic update for cockpit-362-1.fc43. Changelog for cockpit * Wed May 20 2026 Packit - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-58cee40a55 2026-06-05 04:07:33.979887+00:00 -------------------------------------------------------------------------------- Name : cockpit Product : Fedora 43 Version : 362 Release : 1.fc43 URL : https://cockpit-project.org/ Summary : Web Console for Linux servers Description : The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. -------------------------------------------------------------------------------- Update Information: Automatic update for cockpit-362-1.fc43. Changelog for cockpit * Wed May 20 2026 Packit - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802) -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2026 Packit - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2480095 - [Exploits (KEV)] CVE-2026-4802 cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2480095 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-58cee40a55' at the command line. For more information, refer to the dnfdocumentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # Security update for vim Announcement ID: SUSE-SU-2026:21464-1 Release Date: 2026-04-29T11:29:57Z Rating: moderate References: * bsc#1261833 Cross-References: * CVE-2026-39881 CVSS scores: * CVE-2026-39881 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39881 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2026-39881 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-39881 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for vim fixes the following issue: Update to version 9.2.0398. Security issues fixed: * CVE-2026-39881: missing sanitization in `defineAnnoType` and `specialKeys` can lead to arbitrary Ex command injection via a malicious NetBeans server (bsc#1261833). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-Extras-6.1-515=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0398-slfo.1.1_1.1 * vim-debuginfo-9.2.0398-slfo.1.1_1.1 * vim-9.2.0398-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-39881.html * https://bugzilla.suse.com/show_bug.cgi?id=1261833 . An update for vim on SUSE fixes a moderate vulnerability allowing potential arbitrary command execution via NetBeans.. SUSE Linux,vim security,patch installation. . LinuxSecurity.com Team
Important: vim security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:11389", "synopsis": "Important: vim security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for vim.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2455400", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2455400", "description": ""}], "cves": [{"name": "CVE-2026-34982", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34982", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-05-01T12:06:42.394267Z", "rpms": {"Rocky Linux 10": {"nvras": ["vim-debuginfo-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-enhanced-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-2:9.1.083-6.el10_1.4.src.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-X11-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-enhanced-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-filesystem-2:9.1.083-6.el10_1.4.noarch.rpm", "xxd-2:9.1.083-6.el10_1.4.ppc64le.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-minimal-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.4.aarch64.rpm","vim-X11-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-X11-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-common-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.4.aarch64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-X11-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-data-2:9.1.083-6.el10_1.4.noarch.rpm", "vim-debugsource-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.4.x86_64.rpm", "xxd-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-debugsource-2:9.1.083-6.el10_1.4.aarch64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.4.s390x.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-minimal-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-common-2:9.1.083-6.el10_1.4.aarch64.rpm", "xxd-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-enhanced-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-debugsource-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-common-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-enhanced-2:9.1.083-6.el10_1.4.x86_64.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-common-2:9.1.083-6.el10_1.4.ppc64le.rpm", "xxd-2:9.1.083-6.el10_1.4.aarch64.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.4.ppc64le.rpm", "vim-minimal-2:9.1.083-6.el10_1.4.s390x.rpm", "vim-minimal-2:9.1.083-6.el10_1.4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Arbitrary command execution in vim with Important security update for Rocky Linux 10. Immediate action recommended.. Rocky Linux vim security update, arbitrary command execution fix, server security update. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-11510 http://linux.oracle.com/errata/ELSA-2026-11510.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: vim-X11-8.2.2637-23.0.1.el9_7.3.x86_64.rpm vim-common-8.2.2637-23.0.1.el9_7.3.x86_64.rpm vim-enhanced-8.2.2637-23.0.1.el9_7.3.x86_64.rpm vim-filesystem-8.2.2637-23.0.1.el9_7.3.noarch.rpm vim-minimal-8.2.2637-23.0.1.el9_7.3.x86_64.rpm aarch64: vim-X11-8.2.2637-23.0.1.el9_7.3.aarch64.rpm vim-common-8.2.2637-23.0.1.el9_7.3.aarch64.rpm vim-enhanced-8.2.2637-23.0.1.el9_7.3.aarch64.rpm vim-filesystem-8.2.2637-23.0.1.el9_7.3.noarch.rpm vim-minimal-8.2.2637-23.0.1.el9_7.3.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/vim-8.2.2637-23.0.1.el9_7.3.src.rpm Related CVEs: CVE-2026-34982 Description of changes: [8.2.2637-23.0.1.el9_7.3] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-23.3] - Resolves: RHEL-164965 vim: arbitrary command execution via modeline sandbox bypass [2:8.2.2637-23.2] - RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin - RHEL-155422 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file - RHEL-159629 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function [2:8.2.2637-23.1] - RHEL-147940 CVE-2026-25749 vim: Heap Overflow in Vim _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.