
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Mageia 9 Flatpak Critical Sandbox Escape Vulnerability File Deletion Risk

MGASA-2026-0133 - Updated flatpak packages fix security vulnerabilities

Publication date: 14 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0133.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-34078, CVE-2026-34079

Description:
Complete sandbox escape leading to host file access and code execution in the host context. (CVE-2026-34078)
Arbitrary file deletion on the host filesystem. (CVE-2026-34079)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35336
- https://www.openwall.com/lists/oss-security/2026/04/09/3
- https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg
- https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp
- https://github.com/flatpak/flatpak/security/advisories/GHSA-2fxp-43j9-pwvc
- https://github.com/flatpak/flatpak/security/advisories/GHSA-89xm-3m96-w3jg
- https://lists.debian.org/debian-security-announce/2026/msg00133.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34079

SRPMS:
- 9/core/flatpak-1.14.10-1.1.mga9

Updated flatpak packages for Mageia address critical sandbox escape and arbitrary file access issues.

Mageia flatpak security update sandbox escape arbitrary file deletion.

Severity: Important. LinuxSecurity.com Team

May 14, 2026 Important Mageia

openSUSE Leap 15.6 flatpak Important Code Execution Issues 2026-1600-1

An update that solves two vulnerabilities can now be installed.

# Security update for flatpak

Announcement ID: SUSE-SU-2026:1600-1
Release Date: 2026-04-24T11:46:10Z
Rating: important

References:
* bsc#1261769
* bsc#1261770

Cross-References:
* CVE-2026-34078
* CVE-2026-34079

CVSS scores:
* CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
* CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
* CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for flatpak fixes the following issues:
* CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options (bsc#1261769).
* CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1600=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1600=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1600=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1600=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * flatpak-1.16.0-150600.3.9.1
  * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
  * libflatpak0-1.16.0-150600.3.9.1
  * flatpak-debuginfo-1.16.0-150600.3.9.1
  * libflatpak0-debuginfo-1.16.0-150600.3.9.1
  * flatpak-devel-1.16.0-150600.3.9.1
  * flatpak-debugsource-1.16.0-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
  * flatpak-zsh-completion-1.16.0-150600.3.9.1
  * system-user-flatpak-1.16.0-150600.3.9.1
  * flatpak-remote-flathub-1.16.0-150600.3.9.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * flatpak-1.16.0-150600.3.9.1
  * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
  * libflatpak0-1.16.0-150600.3.9.1
  * flatpak-debuginfo-1.16.0-150600.3.9.1
  * libflatpak0-debuginfo-1.16.0-150600.3.9.1
  * flatpak-devel-1.16.0-150600.3.9.1
  * flatpak-debugsource-1.16.0-150600.3.9.1
* Desktop Applications Module 15-SP7 (noarch)
  * flatpak-zsh-completion-1.16.0-150600.3.9.1
  * system-user-flatpak-1.16.0-150600.3.9.1
  * flatpak-remote-flathub-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * flatpak-1.16.0-150600.3.9.1
  * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
  * libflatpak0-1.16.0-150600.3.9.1
  * flatpak-debuginfo-1.16.0-150600.3.9.1
  * libflatpak0-debuginfo-1.16.0-150600.3.9.1
  * flatpak-devel-1.16.0-150600.3.9.1
  * flatpak-debugsource-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * flatpak-zsh-completion-1.16.0-150600.3.9.1
  * system-user-flatpak-1.16.0-150600.3.9.1
  * flatpak-remote-flathub-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * flatpak-1.16.0-150600.3.9.1
  * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
  * libflatpak0-1.16.0-150600.3.9.1
  * flatpak-debuginfo-1.16.0-150600.3.9.1
  * libflatpak0-debuginfo-1.16.0-150600.3.9.1
  * flatpak-devel-1.16.0-150600.3.9.1
  * flatpak-debugsource-1.16.0-150600.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * flatpak-zsh-completion-1.16.0-150600.3.9.1
  * system-user-flatpak-1.16.0-150600.3.9.1
  * flatpak-remote-flathub-1.16.0-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34078.html
* https://www.suse.com/security/cve/CVE-2026-34079.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261769
* https://bugzilla.suse.com/show_bug.cgi?id=1261770

Install the latest important security update for openSUSE flatpak correcting code execution and file deletion issues.

openSUSE updates, flatpak issues, security advisory, SUSE vulnerabilities.

Severity: Important. LinuxSecurity.com Team

Apr 24, 2026 Important OpenSUSE

SUSE Flatpak Critical Code Execution Vulnerability Resolution 2026-1600-1

An update that solves two vulnerabilities can now be installed.

Update for flatpak addresses important issues including arbitrary file deletion and code execution exploits.

flatpak security update, SUSE vulnerabilities, application patching security, Linux application security.

Severity: Important. LinuxSecurity.com Team

Apr 24, 2026 Important SuSE

openSUSE Leap 15.6 SUSE-SU-2026-0890-3 CVE-2026-2652 Moderate Security Flaw

An update that solves one vulnerability can now be installed.

# Security update for evolution-data-server

Announcement ID: SUSE-SU-2026:0775-1
Release Date: 2026-03-03T13:19:22Z
Rating: moderate

References:
* bsc#1258307

Cross-References:
* CVE-2026-2604

CVSS scores:
* CVE-2026-2604 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2604 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for evolution-data-server fixes the following issue:
* CVE-2026-2604: arbitrary file deletion via inconsistent URI handling (bsc#1258307).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-775=1 SUSE-2026-775=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-775=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-775=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServerUI4-1_0-3.50.3-150600.3.9.1
  * libedataserverui4-1_0-0-3.50.3-150600.3.9.1
  * libedataserverui-1_2-4-3.50.3-150600.3.9.1
  * typelib-1_0-EDataBook-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1
  * libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-debuginfo-3.50.3-150600.3.9.1
  * libedata-book-1_2-27-3.50.3-150600.3.9.1
  * libcamel-1_2-64-3.50.3-150600.3.9.1
  * libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-devel-3.50.3-150600.3.9.1
  * libebook-contacts-1_2-4-3.50.3-150600.3.9.1
  * typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1
  * libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1
  * libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1
  * libebackend-1_2-11-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1
  * libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1
  * libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-3.50.3-150600.3.9.1
  * libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1
  * libedataserverui4-1_0-0-debuginfo-3.50.3-150600.3.9.1
  * libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1
  * libedata-cal-2_0-2-3.50.3-150600.3.9.1
  * typelib-1_0-EBackend-1_2-3.50.3-150600.3.9.1
  * libecal-2_0-2-3.50.3-150600.3.9.1
  * libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-debugsource-3.50.3-150600.3.9.1
  * libedataserver-1_2-27-3.50.3-150600.3.9.1
  * typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-EDataCal-2_0-3.50.3-150600.3.9.1
  * libebook-1_2-21-3.50.3-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
  * evolution-data-server-lang-3.50.3-150600.3.9.1
* SUSE Package Hub 15 15-SP7 (aarch64 s390x)
  * evolution-data-server-3.50.3-150600.3.9.1
  * evolution-data-server-devel-3.50.3-150600.3.9.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1
  * libedataserverui-1_2-4-3.50.3-150600.3.9.1
  * typelib-1_0-EDataBook-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1
  * libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-debuginfo-3.50.3-150600.3.9.1
  * libedata-book-1_2-27-3.50.3-150600.3.9.1
  * libcamel-1_2-64-3.50.3-150600.3.9.1
  * libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1
  * libebook-contacts-1_2-4-3.50.3-150600.3.9.1
  * typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1
  * libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1
  * libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1
  * libebackend-1_2-11-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1
  * libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1
  * libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1
  * libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1
  * libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1
  * libedata-cal-2_0-2-3.50.3-150600.3.9.1
  * typelib-1_0-EBackend-1_2-3.50.3-150600.3.9.1
  * libecal-2_0-2-3.50.3-150600.3.9.1
  * libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-debugsource-3.50.3-150600.3.9.1
  * libedataserver-1_2-27-3.50.3-150600.3.9.1
  * typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-EDataCal-2_0-3.50.3-150600.3.9.1
  * libebook-1_2-21-3.50.3-150600.3.9.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * evolution-data-server-lang-3.50.3-150600.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServerUI4-1_0-3.50.3-150600.3.9.1
  * libedataserverui4-1_0-0-3.50.3-150600.3.9.1
  * libedataserverui-1_2-4-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1
  * typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1
  * libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-debuginfo-3.50.3-150600.3.9.1
  * libedata-book-1_2-27-3.50.3-150600.3.9.1
  * libcamel-1_2-64-3.50.3-150600.3.9.1
  * libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-devel-3.50.3-150600.3.9.1
  * libebook-contacts-1_2-4-3.50.3-150600.3.9.1
  * typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1
  * libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1
  * libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1
  * libebackend-1_2-11-3.50.3-150600.3.9.1
  * typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1
  * libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1
  * libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-3.50.3-150600.3.9.1
  * libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1
  * libedataserverui4-1_0-0-debuginfo-3.50.3-150600.3.9.1
  * libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1
  * libedata-cal-2_0-2-3.50.3-150600.3.9.1
  * libecal-2_0-2-3.50.3-150600.3.9.1
  * libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1
  * evolution-data-server-debugsource-3.50.3-150600.3.9.1
  * libedataserver-1_2-27-3.50.3-150600.3.9.1
  * typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1
  * libebook-1_2-21-3.50.3-150600.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * evolution-data-server-lang-3.50.3-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2604.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258307

Fix for arbitrary file deletion in evolution-data-server for openSUSE users with a moderate security advisory. Stay secure!

openSUSE update, evolution-data-server patch, security recommendation, openSUSE vulnerability.

LinuxSecurity.com Team

Mar 03, 2026 OpenSUSE

Fedora 34: 2022-5aeda24c24 Critical: Thefuck Path Traversal Issue

Security fix for CVE-2021-34363.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5aeda24c24
2022-01-19 01:53:29.295618
--------------------------------------------------------------------------------

Name        : thefuck
Product     : Fedora 34
Version     : 3.32
Release     : 1.fc34
URL         : https://github.com/nvbn/thefuck
Summary     : App that corrects your previous console command
Description :
This application corrects your previous console command.
If you use BASH, you should add these lines to your .bashrc:
alias fuck='eval $(thefuck $(fc -ln -1)); history -r'
alias FUCK='fuck'
For other shells please check /usr/share/doc/thefuck/README.md

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-34363
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 10 2022 Arthur Bols - 3.32-1
- Upstream release 3.32
- Updated spec to comply with updated guidelines
* Fri Jul 23 2021 Fedora Release Engineering - 3.15-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint - 3.15-14
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1970598 - CVE-2021-34363 thefuck: arbitrary file deletion via path traversal
        https://bugzilla.redhat.com/show_bug.cgi?id=1970598
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5aeda24c24' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 34 has released a security patch for the tool 'thefuck' to resolve an arbitrary file removal vulnerability, cataloged as CVE-2021-34363.

Fedora Security Update, Thefuck Command Tool, Path Traversal Fix.

Severity: Critical. LinuxSecurity.com Team

Jan 18, 2022 Critical Fedora

Red Hat Data Grid 8.2 Critical: RHSA-2021:2139-01 Authentication Bypass

A security update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Critical.

====================================================================
Red Hat Security Advisory

Synopsis: Critical: Red Hat Data Grid 8.2.0 security update
Advisory ID: RHSA-2021:2139-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2139
Issue date: 2021-05-26
CVE Names: CVE-2020-10771 CVE-2020-26258 CVE-2020-26259 CVE-2021-21290 CVE-2021-21295 CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350 CVE-2021-21351 CVE-2021-21409 CVE-2021-31917
====================================================================

1. Summary:

A security update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism (CVE-2021-31917)
* XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet (CVE-2021-21344)
* XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)
* XStream: Unsafe deserialization of sun.swing.SwingLazyValue (CVE-2021-21346)
* XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)
* XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)
* Infinispan: Actions with effects should not be permitted via GET requests using REST API (CVE-2020-10771)
* XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)
* XStream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)
* XStream: SSRF via crafted input stream (CVE-2021-21342)
* XStream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)
* XStream: ReDoS vulnerability (CVE-2021-21348)
* XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)
* XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)
* netty: Request smuggling via content-length header (CVE-2021-21409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version. The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1846293 - CVE-2020-10771 Infinispan: Actions with effects should not be permitted via GET requests using REST API
1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling
1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream
1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream
1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream
1942554 - CVE-2021-21344 XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet
1942558 - CVE-2021-21345 XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry
1942578 - CVE-2021-21346 XStream: Unsafe deserialization of sun.swing.SwingLazyValue
1942629 - CVE-2021-21347 XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator
1942633 - CVE-2021-21348 XStream: ReDoS vulnerability
1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
1942637 - CVE-2021-21350 XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1955113 - CVE-2021-31917 Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism

5. References:

https://access.redhat.com/security/cve/CVE-2020-10771
https://access.redhat.com/security/cve/CVE-2020-26258
https://access.redhat.com/security/cve/CVE-2020-26259
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21341
https://access.redhat.com/security/cve/CVE-2021-21342
https://access.redhat.com/security/cve/CVE-2021-21343
https://access.redhat.com/security/cve/CVE-2021-21344
https://access.redhat.com/security/cve/CVE-2021-21345
https://access.redhat.com/security/cve/CVE-2021-21346
https://access.redhat.com/security/cve/CVE-2021-21347
https://access.redhat.com/security/cve/CVE-2021-21348
https://access.redhat.com/security/cve/CVE-2021-21349
https://access.redhat.com/security/cve/CVE-2021-21350
https://access.redhat.com/security/cve/CVE-2021-21351
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-31917
https://access.redhat.com/security/updates/classification#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=data.grid&version=8.2
https://docs.redhat.com/en/documentation/red_hat_data_grid/8.2/html/upgrading_data_grid/index

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Oracle announces an essential security patch for Database 19c, mitigating several issues within the application.

Red Hat Data Grid, Security Update, Critical Impact, Authentication Bypass, Insecure Deserialization.

Severity: Critical. LinuxSecurity.com Team

May 26, 2021 Critical Red Hat

Ubuntu 21.04: 4943-1 Severe: libxstream-java Remote Code Risks

Several security issues were fixed in XStream library.

=========================================================================
Ubuntu Security Notice USN-4943-1
May 11, 2021

libxstream-java vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in XStream library.

Software Description:
- libxstream-java: Java library to serialize objects to XML and back again

Details:

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code
execution. A remote attacker could run arbitrary shell commands by
manipulating the processed input stream. This issue only affected
Ubuntu 20.10. (CVE-2020-26217)

It was discovered that XStream was vulnerable to server-side forgery
attacks. A remote attacker could request data from internal resources that
are not publicly available only by manipulating the processed input stream.
This issue only affected Ubuntu 20.10. (CVE-2020-26258)

It was discovered that XStream was vulnerable to arbitrary file deletion on
the local host. A remote attacker could use this to delete arbitrary known
files on the host as long as the executing process had sufficient rights
only by manipulating the processed input stream. This issue only affected
Ubuntu 20.10. (CVE-2020-26259)

It was discovered that XStream was vulnerable to denial of service,
arbitrary code execution, arbitrary file deletion and server-side forgery
attacks. A remote attacker could cause any of those issues by manipulating
the processed input stream. (CVE-2021-21341, CVE-2021-21342,
CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346,
CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350,
CVE-2021-21351)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libxstream-java 1.4.15-1ubuntu0.1

Ubuntu 20.10:
  libxstream-java 1.4.11.1-2ubuntu0.1

Ubuntu 20.04 LTS:
  libxstream-java 1.4.11.1-1ubuntu0.2

Ubuntu 18.04 LTS:
  libxstream-java 1.4.11.1-1~18.04.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4943-1
  CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341,
  CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345,
  CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349,
  CVE-2021-21350, CVE-2021-21351

Package Information:
  https://launchpad.net/ubuntu/+source/libxstream-java/1.4.15-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1~18.04.2

Numerous security issues within the libxstream-java library for Ubuntu have been addressed, significantly reducing critical threats. Ubuntu Security Advisory, Java Library Issues, Remote Code Risks. Severity: Critical. LinuxSecurity.com Team

May 11, 2021 Critical Ubuntu

Ubuntu 20.04 & 18.04 LTS USN-4714-1 Moderate: XStream Security Issues

Several security issues were fixed in libxstream-java.

=========================================================================
Ubuntu Security Notice USN-4714-1
January 28, 2021

libxstream-java vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in libxstream-java.

Software Description:
- libxstream-java: Java library to serialize objects to XML and back again

Details:

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code
execution. A remote attacker could run arbitrary shell commands by
manipulating the processed input stream. (CVE-2020-26217)

It was discovered that XStream was vulnerable to server-side forgery
attacks. A remote attacker could request data from internal resources that
are not publicly available only by manipulating the processed input stream.
(CVE-2020-26258)

It was discovered that XStream was vulnerable to arbitrary file deletion on
the local host. A remote attacker could use this to delete arbitrary known
files on the host as long as the executing process had sufficient rights
only by manipulating the processed input stream. (CVE-2020-26259)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libxstream-java 1.4.11.1-1ubuntu0.1

Ubuntu 18.04 LTS:
  libxstream-java 1.4.11.1-1~18.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4714-1
  CVE-2020-26217, CVE-2020-26258, CVE-2020-26259

Package Information:
  https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxstream-java/1.4.11.1-1~18.04.1

Multiple security weaknesses in libxstream-java have been addressed through recent Ubuntu updates. Make certain your system is safeguarded and current. libxstream-java vulnerabilities, Ubuntu security advisory, remote execution issues. Severity: Important. LinuxSecurity.com Team

Jan 28, 2021 Important Ubuntu