Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves two vulnerabilities can now be installed.. # Security update for sssd Announcement ID: SUSE-SU-2026:3025-1 Release Date: 2026-07-15T09:49:27Z Rating: important References: * bsc#1270708 * bsc#1270709 Cross-References: * CVE-2026-14474 * CVE-2026-14476 CVSS scores: * CVE-2026-14474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14474 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14476 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-14476 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for sssd fixes the following issues * CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation (bsc#1270709). * CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass (bsc#1270708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3025=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3025=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3025=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 *python3-sss_nss_idmap-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * libnfsidmap-sss-debuginfo-2.10.2-150600.3.53.1 * python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * python3-ipa_hbac-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * python3-ipa_hbac-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * libnfsidmap-sss-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * python3-sss-murmur-debuginfo-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 * python3-sss-murmur-2.10.2-150600.3.53.1 * libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * openSUSE Leap 15.6(x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 * openSUSE Leap 15.6 (aarch64_ilp32) * sssd-64bit-2.10.2-150600.3.53.1 * sssd-64bit-debuginfo-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 *libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 *libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-14474.html * https://www.suse.com/security/cve/CVE-2026-14476.html * https://bugzilla.suse.com/show_bug.cgi?id=1270708 * https://bugzilla.suse.com/show_bug.cgi?id=1270709 . Two important vulnerabilities in sssd resolved by the latest openSUSE update are crucial for maintaining system security.. openSUSE updates, sssd vulnerabilities, security patches. . Severity: Important. LinuxSecurity.com Team
Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194. Debian LTS Advisory DLA-4683-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta July 15, 2026 https://wiki.debian.org/LTS Package : wolfssl Version : 5.5.4-2+deb12u3 CVE ID : CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325 CVE-2026-6329 CVE-2026-6331 CVE-2026-6450 CVE-2026-6678 CVE-2026-6681 CVE-2026-6731 CVE-2026-7511 CVE-2026-55961 CVE-2026-55962 CVE-2026-55967 Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194 Missing hash/digest size and OID checks allowed digests smaller than appropriate for the relevant key type to be accepted during ECDSA certificate signature verification, weakening ECDSA certificate-based authentication when EdDSA or ML-DSA support was also enabled. CVE-2026-6092 When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path could fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC. CVE-2026-6094 A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied data delivered via S/MIME or CMS. CVE-2026-6325 An out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list allowed a write past the bounds of the destination buffer. CVE-2026-6329 PKCS#12 MAC verification compared the computed HMAC against the stored MAC using an attacker-controlled length, allowing a truncated or zero-length MACto be accepted and defeating the integrity protection of the MAC. CVE-2026-6331 An HMAC zero-length tag forgery in EVP_DigestVerifyFinal allowed a truncated or empty tag to be accepted as a valid signature, because the supplied length was only checked not to exceed the MAC length. CVE-2026-6450 A CRL critical extension bypass in ParseCRL_Extensions allowed a crafted CRL carrying an unhandled critical extension to be accepted. This only affects builds with CRL support enabled. CVE-2026-6678 An integer underflow in wc_PKCS7_DecryptOri when handling crafted OtherRecipientInfo led to incorrect length handling during decryption. CVE-2026-6681 The PKCS#7 decode path ignored the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. CVE-2026-6731 An X.509 name constraint bypass allowed a certificate whose Subject Common Name violated an issuing CA's DNS name constraints to be accepted when the CN was treated as a DNS-type name. CVE-2026-7511 A PKCS7_verify signer confusion issue meant the signer associated with a signature was not correctly bound, permitting a forged signature to be accepted. CVE-2026-55961 wolfSSL_PKCS7_verify() returned success for a degenerate (certs-only) PKCS#7 object containing no signer, so a bundle carrying no valid signature could be reported as verified. This only affects OpenSSL compatibility builds. CVE-2026-55962 A TLS 1.3 post-handshake authentication issue allowed a server to accept a client's Finished message without the client having sent a Certificate and CertificateVerify. This only affects TLS 1.3 servers configured with and actively using post-handshake authentication. CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (> 64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse andconsequent plaintext recovery. For Debian 12 bookworm, these problems have been fixed in version 5.5.4-2+deb12u3. We recommend that you upgrade your wolfssl packages. For the detailed security status of wolfssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wolfssl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in wolfSSL could lead to serious security risks, including authentication bypass and denial of service.. wolfSSL vulnerabilities, Debian security updates, SSL/TLS library fixes, lightweight security solutions. . Severity: Critical. LinuxSecurity.com Team
A flaw was found in Sympa’s web interface, a modern mailing list manager. An attacker may bypass authentication by using an arbitrary e-mail address when the generic SSO loging feature was enabled. For Debian 12 bookworm, this problem has been fixed in version 6.2.70~dfsg-2+deb12u1.. Debian LTS Advisory DLA-4668-1
An update that solves 15 vulnerabilities and has 12 bug fixes can now be installed.. openSUSE security update: security update for mbedtls ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21144-1 Rating: critical References: * bsc#1231708 * bsc#1240051 * bsc#1240052 * bsc#1245808 * bsc#1245809 * bsc#1245810 * bsc#1245811 * bsc#1246783 * bsc#1246784 * bsc#1246973 * bsc#1252341 * bsc#1252454 Cross-References: * CVE-2024-49195 * CVE-2025-27809 * CVE-2025-27810 * CVE-2025-47917 * CVE-2025-48965 * CVE-2025-49087 * CVE-2025-49600 * CVE-2025-49601 * CVE-2025-52496 * CVE-2025-52497 * CVE-2025-54764 * CVE-2025-59438 * CVE-2026-25833 * CVE-2026-25834 * CVE-2026-25835 CVSS scores: * CVE-2024-49195 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49195 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-25833 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25833 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25834 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-25834 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25835 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-25835 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 15 vulnerabilities and has 12 bug fixes can now be installed. Description: This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 (LTS maintenance update from 3.6.1); security fixes accumulated across the3.6.2-3.6.6 releases: * CVE-2024-49195 (boo#1231708): buffer underrun in pkwrite when writing an opaque key pair * CVE-2025-27809 (boo#1240051): certificate verification accepted arbitrary hostnames * CVE-2025-27810 (boo#1240052): possible authentication bypass on failed memory allocation / hardware errors * CVE-2025-47917 (boo#1246783): misleading memory management in mbedtls_x509_string_to_names() * CVE-2025-48965 (boo#1246784): NULL pointer dereference after mbedtls_asn1_store_named_data() * CVE-2025-49087 (boo#1246973): timing side channel in PKCS#7 padding removal * CVE-2025-49600 (boo#1245808): unchecked return values in LMS verification allow signature bypass via fault injection * CVE-2025-49601 (boo#1245809): out-of-bounds read in mbedtls_lms_import_public_key() * CVE-2025-52496 (boo#1245810): race in AES-NI support detection can lead to AES key extraction or GCM forgery * CVE-2025-52497 (boo#1245811): one-byte heap underflow when parsing PEM-encrypted material * CVE-2025-54764 (boo#1252341): timing attacks in RSA operations * CVE-2025-59438 (boo#1252454): padding-oracle attack via timing of cipher error reporting * CVE-2026-25833: PSA RNG state duplicated across fork() * CVE-2026-25834: TLS 1.3 HelloRetryRequest man-in-the-middle session-resumption downgrade * CVE-2026-25835: RNG state duplicated when application/VM state is cloned Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-339=1 Package List: - openSUSE Leap 16.0: libeverest-3.6.6-bp160.1.1 libeverest-x86-64-v3-3.6.6-bp160.1.1 libmbedcrypto16-3.6.6-bp160.1.1 libmbedcrypto16-x86-64-v3-3.6.6-bp160.1.1 libmbedtls21-3.6.6-bp160.1.1 libmbedtls21-x86-64-v3-3.6.6-bp160.1.1 libmbedx509-7-3.6.6-bp160.1.1 libmbedx509-7-x86-64-v3-3.6.6-bp160.1.1 libp256m-3.6.6-bp160.1.1 libp256m-x86-64-v3-3.6.6-bp160.1.1 mbedtls-devel-3.6.6-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2024-49195.html * https://www.suse.com/security/cve/CVE-2025-27809.html * https://www.suse.com/security/cve/CVE-2025-27810.html * https://www.suse.com/security/cve/CVE-2025-47917.html * https://www.suse.com/security/cve/CVE-2025-48965.html * https://www.suse.com/security/cve/CVE-2025-49087.html * https://www.suse.com/security/cve/CVE-2025-49600.html * https://www.suse.com/security/cve/CVE-2025-49601.html * https://www.suse.com/security/cve/CVE-2025-52496.html * https://www.suse.com/security/cve/CVE-2025-52497.html * https://www.suse.com/security/cve/CVE-2025-54764.html * https://www.suse.com/security/cve/CVE-2025-59438.html * https://www.suse.com/security/cve/CVE-2026-25833.html * https://www.suse.com/security/cve/CVE-2026-25834.html * https://www.suse.com/security/cve/CVE-2026-25835.html . openSUSE updates mbedtls addressing 15 vulnerabilities including critical threats requiring immediate attention.. Linux Security Patch, mbedtls vulnerabilities, opensuse critical update, software security, Linux vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for himmelblau ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21111-1 Rating: important References: * bsc#1266662 Cross-References: * CVE-2026-45108 CVSS scores: * CVE-2026-45108 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for himmelblau fixes the following issue - CVE-2026-45108: authentication bypass vulnerability in the Device Authorization Grant (DAG) flow (bsc#1266662). Changes for himmelblau: - Update to version 2.3.11+git1.116c6763: * Update cargo vet audits for backport * deps(rust): bump the all-cargo-updates group with 19 updates - Update to version 2.3.10: * nss/pam: bail out early when SYSTEMD_ACTIVATION_UNIT points to himmelblau * selinux: allow unconfined_service_t to search himmelblaud_t dirs Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-976=1 Package List: - openSUSE Leap 16.0: himmelblau-2.3.11+git1.116c6763-160000.1.1 himmelblau-qr-greeter-2.3.11+git1.116c6763-160000.1.1 himmelblau-sshd-config-2.3.11+git1.116c6763-160000.1.1 himmelblau-sso-2.3.11+git1.116c6763-160000.1.1 libnss_himmelblau2-2.3.11+git1.116c6763-160000.1.1 pam-himmelblau-2.3.11+git1.116c6763-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-45108.html . Security update for himmelblau addresses a critical issue related to authentication bypass in openSUSE.. openSUSE security, himmelblau update, authentication bypass fix. .Severity: Important. LinuxSecurity.com Team
New version of jupyter-server fixing various security vulnerabilities.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9536c7cb79 2026-06-27 00:54:50.049657+00:00 -------------------------------------------------------------------------------- Name : python-jupyter-server Product : Fedora 43 Version : 2.19.0 Release : 2.fc43 URL : https://jupyter-server.readthedocs.io Summary : The backend for Jupyter web applications Description : The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. -------------------------------------------------------------------------------- Update Information: New version of jupyter-server fixing various security vulnerabilities. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 4 2026 Python Maint - 2.19.0-2 - Rebuilt for Python 3.15 * Mon Jun 1 2026 Lumir Balhar - 2.19.0-1 - Update to 2.19.0 (rhbz#2483209) * Mon May 11 2026 Lumir Balhar - 2.18.2-1 - Update to 2.18.2 (rhbz#2466683) * Tue May 5 2026 Lumir Balhar - 2.18.0-1 - Update to 2.18.0 (rhbz#2465646) * Tue Apr 14 2026 Tomáš Hrnčiar - 2.17.0-5 - Raise pytest upper bound to allow pytest 9 * Fri Mar 20 2026 Lumir Balhar - 2.17.0-4 - Ignore deprecation warnings from ptyprocess:pty to fix build with Python 3.15 alpha 7 * Sat Jan 17 2026 Fedora Release Engineering - 2.17.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484708 - CVE-2026-35397 python-jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484708 [ 2 ] Bug #2484713 - CVE-2026-40934 python-jupyter-server: Jupyter Server: Authentication bypass due tounrotated cookie secret [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484713 [ 3 ] Bug #2485374 - CVE-2026-6657 python-jupyter-server: jupyter-server: Arbitrary code execution due to CORS origin validation bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2485374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9536c7cb79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update for python-jupyter-server in Fedora 43 addresses critical security flaws for enhanced safety.. python jupyter server, Fedora 43, security update, fix vulnerabilities, software patch. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for himmelblau Announcement ID: SUSE-SU-2026:22186-1 Release Date: 2026-06-19T17:10:10Z Rating: important References: * bsc#1266662 Cross-References: * CVE-2026-45108 CVSS scores: * CVE-2026-45108 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L * CVE-2026-45108 ( NVD ): 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for himmelblau fixes the following issue * CVE-2026-45108: authentication bypass vulnerability in the Device Authorization Grant (DAG) flow (bsc#1266662). Changes for himmelblau: * Update to version 2.3.11+git1.116c6763: * Update cargo vet audits for backport * deps(rust): bump the all-cargo-updates group with 19 updates * Update to version 2.3.10: * nss/pam: bail out early when SYSTEMD_ACTIVATION_UNIT points to himmelblau * selinux: allow unconfined_service_t to search himmelblaud_t dirs ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-976=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-976=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * himmelblau-sso-2.3.11+git1.116c6763-160000.1.1 * himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sso-debuginfo-2.3.11+git1.116c6763-160000.1.1 * pam-himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-debuginfo-2.3.11+git1.116c6763-160000.1.1 * libnss_himmelblau2-2.3.11+git1.116c6763-160000.1.1 * SUSE Linux Enterprise Server for SAPapplications 16.0 (noarch) * himmelblau-qr-greeter-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sshd-config-2.3.11+git1.116c6763-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * himmelblau-sso-2.3.11+git1.116c6763-160000.1.1 * himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sso-debuginfo-2.3.11+git1.116c6763-160000.1.1 * pam-himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-debuginfo-2.3.11+git1.116c6763-160000.1.1 * libnss_himmelblau2-2.3.11+git1.116c6763-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * himmelblau-qr-greeter-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sshd-config-2.3.11+git1.116c6763-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-45108.html * https://bugzilla.suse.com/show_bug.cgi?id=1266662 . Important security update for himmelblau affects SUSE Enterprise Server, addressing an authentication bypass issue.. SUSE security update,himmelblau authentication bypass,SUSE Linux Enterprise Server,security patch. . Severity: Important. LinuxSecurity.com Team
Important: fence-agents security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26206", "synopsis": "Important: fence-agents security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for fence-agents.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens (CVE-2026-48526)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2482734", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734", "description": ""}], "cves": [{"name": "CVE-2026-48526", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48526", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.4", "cwe": "CWE-347"}], "references": [], "publishedAt": "2026-06-17T12:03:08.073041Z", "rpms": {"Rocky Linux 9": {"nvras": ["fence-agents-0:4.10.0-110.el9_8.3.src.rpm", "fence-agents-aliyun-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-amt-ws-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-apc-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-apc-snmp-0:4.10.0-110.el9_8.3.noarch.rpm","fence-agents-aws-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-azure-arm-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-bladecenter-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-brocade-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-cisco-mds-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-cisco-ucs-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-common-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-compute-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-compute-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-drac5-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-eaton-snmp-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-emerson-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-eps-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-gce-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-heuristics-ping-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-hpblade-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ibmblade-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ibm-powervs-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ibm-vpc-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ifmib-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo2-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo-moonshot-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo-mp-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo-ssh-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-intelmodular-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ipdu-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ipmilan-0:4.10.0-110.el9_8.3.noarch.rpm","fence-agents-kdump-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kdump-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kdump-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kdump-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-lpar-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-mpath-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-nutanix-ahv-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-openstack-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-openstack-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-rhevm-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-rsa-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-rsb-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-sbd-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-scsi-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-virsh-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-vmware-rest-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-vmware-soap-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-wti-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-zvm-0:4.10.0-110.el9_8.3.s390x.rpm","fence-virt-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-cpg-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-cpg-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virt-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-libvirt-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-libvirt-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-multicast-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-multicast-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-serial-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-serial-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-tcp-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-tcp-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "ha-cloud-support-0:4.10.0-110.el9_8.3.ppc64le.rpm", "ha-cloud-support-0:4.10.0-110.el9_8.3.x86_64.rpm", "ha-cloud-support-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for fence-agents on Rocky Linux addresses authentication bypass issues and fixes a CVE.. fence agents security, rocky linux update, important security fix. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.