Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 446 articles for you...
202

openSUSE 2026-3025-1 sssd Important Privilege Escalation Issues

An update that solves two vulnerabilities can now be installed.. # Security update for sssd Announcement ID: SUSE-SU-2026:3025-1 Release Date: 2026-07-15T09:49:27Z Rating: important References: * bsc#1270708 * bsc#1270709 Cross-References: * CVE-2026-14474 * CVE-2026-14476 CVSS scores: * CVE-2026-14474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14474 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14476 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-14476 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for sssd fixes the following issues * CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation (bsc#1270709). * CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass (bsc#1270708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3025=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3025=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3025=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 *python3-sss_nss_idmap-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * libnfsidmap-sss-debuginfo-2.10.2-150600.3.53.1 * python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * python3-ipa_hbac-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * python3-ipa_hbac-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * libnfsidmap-sss-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * python3-sss-murmur-debuginfo-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 * python3-sss-murmur-2.10.2-150600.3.53.1 * libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * openSUSE Leap 15.6(x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 * openSUSE Leap 15.6 (aarch64_ilp32) * sssd-64bit-2.10.2-150600.3.53.1 * sssd-64bit-debuginfo-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 *libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 *libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-14474.html * https://www.suse.com/security/cve/CVE-2026-14476.html * https://bugzilla.suse.com/show_bug.cgi?id=1270708 * https://bugzilla.suse.com/show_bug.cgi?id=1270709 . Two important vulnerabilities in sssd resolved by the latest openSUSE update are crucial for maintaining system security.. openSUSE updates, sssd vulnerabilities, security patches. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Important OpenSUSE
197

Debian LTS wolfssl Critical Denial of Service Auth Bypass Alert 2026-5194

Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194. Debian LTS Advisory DLA-4683-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta July 15, 2026 https://wiki.debian.org/LTS Package : wolfssl Version : 5.5.4-2+deb12u3 CVE ID : CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325 CVE-2026-6329 CVE-2026-6331 CVE-2026-6450 CVE-2026-6678 CVE-2026-6681 CVE-2026-6731 CVE-2026-7511 CVE-2026-55961 CVE-2026-55962 CVE-2026-55967 Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194 Missing hash/digest size and OID checks allowed digests smaller than appropriate for the relevant key type to be accepted during ECDSA certificate signature verification, weakening ECDSA certificate-based authentication when EdDSA or ML-DSA support was also enabled. CVE-2026-6092 When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path could fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC. CVE-2026-6094 A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied data delivered via S/MIME or CMS. CVE-2026-6325 An out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list allowed a write past the bounds of the destination buffer. CVE-2026-6329 PKCS#12 MAC verification compared the computed HMAC against the stored MAC using an attacker-controlled length, allowing a truncated or zero-length MACto be accepted and defeating the integrity protection of the MAC. CVE-2026-6331 An HMAC zero-length tag forgery in EVP_DigestVerifyFinal allowed a truncated or empty tag to be accepted as a valid signature, because the supplied length was only checked not to exceed the MAC length. CVE-2026-6450 A CRL critical extension bypass in ParseCRL_Extensions allowed a crafted CRL carrying an unhandled critical extension to be accepted. This only affects builds with CRL support enabled. CVE-2026-6678 An integer underflow in wc_PKCS7_DecryptOri when handling crafted OtherRecipientInfo led to incorrect length handling during decryption. CVE-2026-6681 The PKCS#7 decode path ignored the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. CVE-2026-6731 An X.509 name constraint bypass allowed a certificate whose Subject Common Name violated an issuing CA's DNS name constraints to be accepted when the CN was treated as a DNS-type name. CVE-2026-7511 A PKCS7_verify signer confusion issue meant the signer associated with a signature was not correctly bound, permitting a forged signature to be accepted. CVE-2026-55961 wolfSSL_PKCS7_verify() returned success for a degenerate (certs-only) PKCS#7 object containing no signer, so a bundle carrying no valid signature could be reported as verified. This only affects OpenSSL compatibility builds. CVE-2026-55962 A TLS 1.3 post-handshake authentication issue allowed a server to accept a client's Finished message without the client having sent a Certificate and CertificateVerify. This only affects TLS 1.3 servers configured with and actively using post-handshake authentication. CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (> 64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse andconsequent plaintext recovery. For Debian 12 bookworm, these problems have been fixed in version 5.5.4-2+deb12u3. We recommend that you upgrade your wolfssl packages. For the detailed security status of wolfssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wolfssl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in wolfSSL could lead to serious security risks, including authentication bypass and denial of service.. wolfSSL vulnerabilities, Debian security updates, SSL/TLS library fixes, lightweight security solutions. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Critical Debian LTS
197

Debian 12 sympa Critical Authentication Bypass Vulnerability DLA-4668-1

A flaw was found in Sympa’s web interface, a modern mailing list manager. An attacker may bypass authentication by using an arbitrary e-mail address when the generic SSO loging feature was enabled. For Debian 12 bookworm, this problem has been fixed in version 6.2.70~dfsg-2+deb12u1.. Debian LTS Advisory DLA-4668-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS Package : sympa Version : 6.2.70~dfsg-2+deb12u1 CVE ID : CVE-2024-55919 Debian Bug : 1090188 A flaw was found in Sympa’s web interface, a modern mailing list manager. An attacker may bypass authentication by using an arbitrary e-mail address when the generic SSO loging feature was enabled. For Debian 12 bookworm, this problem has been fixed in version 6.2.70~dfsg-2+deb12u1. We recommend that you upgrade your sympa packages. For the detailed security status of sympa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sympa Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A flaw in Sympa's web interface allows attackers to bypass authentication in Debian LTS. Update to version 6.2.70 to fix.. Debian LTS Security, Sympa Update, Authentication Bypass. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 04, 2026 Critical Debian LTS
202

openSUSE Leap 16.0 mbedtls Critical Buffer Overflow Vuln 2026-21144-1

An update that solves 15 vulnerabilities and has 12 bug fixes can now be installed.. openSUSE security update: security update for mbedtls ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21144-1 Rating: critical References: * bsc#1231708 * bsc#1240051 * bsc#1240052 * bsc#1245808 * bsc#1245809 * bsc#1245810 * bsc#1245811 * bsc#1246783 * bsc#1246784 * bsc#1246973 * bsc#1252341 * bsc#1252454 Cross-References: * CVE-2024-49195 * CVE-2025-27809 * CVE-2025-27810 * CVE-2025-47917 * CVE-2025-48965 * CVE-2025-49087 * CVE-2025-49600 * CVE-2025-49601 * CVE-2025-52496 * CVE-2025-52497 * CVE-2025-54764 * CVE-2025-59438 * CVE-2026-25833 * CVE-2026-25834 * CVE-2026-25835 CVSS scores: * CVE-2024-49195 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49195 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-25833 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25833 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25834 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-25834 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25835 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-25835 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 15 vulnerabilities and has 12 bug fixes can now be installed. Description: This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 (LTS maintenance update from 3.6.1); security fixes accumulated across the3.6.2-3.6.6 releases: * CVE-2024-49195 (boo#1231708): buffer underrun in pkwrite when writing an opaque key pair * CVE-2025-27809 (boo#1240051): certificate verification accepted arbitrary hostnames * CVE-2025-27810 (boo#1240052): possible authentication bypass on failed memory allocation / hardware errors * CVE-2025-47917 (boo#1246783): misleading memory management in mbedtls_x509_string_to_names() * CVE-2025-48965 (boo#1246784): NULL pointer dereference after mbedtls_asn1_store_named_data() * CVE-2025-49087 (boo#1246973): timing side channel in PKCS#7 padding removal * CVE-2025-49600 (boo#1245808): unchecked return values in LMS verification allow signature bypass via fault injection * CVE-2025-49601 (boo#1245809): out-of-bounds read in mbedtls_lms_import_public_key() * CVE-2025-52496 (boo#1245810): race in AES-NI support detection can lead to AES key extraction or GCM forgery * CVE-2025-52497 (boo#1245811): one-byte heap underflow when parsing PEM-encrypted material * CVE-2025-54764 (boo#1252341): timing attacks in RSA operations * CVE-2025-59438 (boo#1252454): padding-oracle attack via timing of cipher error reporting * CVE-2026-25833: PSA RNG state duplicated across fork() * CVE-2026-25834: TLS 1.3 HelloRetryRequest man-in-the-middle session-resumption downgrade * CVE-2026-25835: RNG state duplicated when application/VM state is cloned Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-339=1 Package List: - openSUSE Leap 16.0: libeverest-3.6.6-bp160.1.1 libeverest-x86-64-v3-3.6.6-bp160.1.1 libmbedcrypto16-3.6.6-bp160.1.1 libmbedcrypto16-x86-64-v3-3.6.6-bp160.1.1 libmbedtls21-3.6.6-bp160.1.1 libmbedtls21-x86-64-v3-3.6.6-bp160.1.1 libmbedx509-7-3.6.6-bp160.1.1 libmbedx509-7-x86-64-v3-3.6.6-bp160.1.1 libp256m-3.6.6-bp160.1.1 libp256m-x86-64-v3-3.6.6-bp160.1.1 mbedtls-devel-3.6.6-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2024-49195.html * https://www.suse.com/security/cve/CVE-2025-27809.html * https://www.suse.com/security/cve/CVE-2025-27810.html * https://www.suse.com/security/cve/CVE-2025-47917.html * https://www.suse.com/security/cve/CVE-2025-48965.html * https://www.suse.com/security/cve/CVE-2025-49087.html * https://www.suse.com/security/cve/CVE-2025-49600.html * https://www.suse.com/security/cve/CVE-2025-49601.html * https://www.suse.com/security/cve/CVE-2025-52496.html * https://www.suse.com/security/cve/CVE-2025-52497.html * https://www.suse.com/security/cve/CVE-2025-54764.html * https://www.suse.com/security/cve/CVE-2025-59438.html * https://www.suse.com/security/cve/CVE-2026-25833.html * https://www.suse.com/security/cve/CVE-2026-25834.html * https://www.suse.com/security/cve/CVE-2026-25835.html . openSUSE updates mbedtls addressing 15 vulnerabilities including critical threats requiring immediate attention.. Linux Security Patch, mbedtls vulnerabilities, opensuse critical update, software security, Linux vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Critical OpenSUSE
202

openSUSE Leap 16.0 himmelblau Important Auth Bypass CVE-2026-45108

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for himmelblau ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21111-1 Rating: important References: * bsc#1266662 Cross-References: * CVE-2026-45108 CVSS scores: * CVE-2026-45108 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for himmelblau fixes the following issue - CVE-2026-45108: authentication bypass vulnerability in the Device Authorization Grant (DAG) flow (bsc#1266662). Changes for himmelblau: - Update to version 2.3.11+git1.116c6763: * Update cargo vet audits for backport * deps(rust): bump the all-cargo-updates group with 19 updates - Update to version 2.3.10: * nss/pam: bail out early when SYSTEMD_ACTIVATION_UNIT points to himmelblau * selinux: allow unconfined_service_t to search himmelblaud_t dirs Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-976=1 Package List: - openSUSE Leap 16.0: himmelblau-2.3.11+git1.116c6763-160000.1.1 himmelblau-qr-greeter-2.3.11+git1.116c6763-160000.1.1 himmelblau-sshd-config-2.3.11+git1.116c6763-160000.1.1 himmelblau-sso-2.3.11+git1.116c6763-160000.1.1 libnss_himmelblau2-2.3.11+git1.116c6763-160000.1.1 pam-himmelblau-2.3.11+git1.116c6763-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-45108.html . Security update for himmelblau addresses a critical issue related to authentication bypass in openSUSE.. openSUSE security, himmelblau update, authentication bypass fix. .Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Important OpenSUSE
89

Fedora 43 python-jupyter-server Critical Path Traversal DoS 2026-9536c7cb79

New version of jupyter-server fixing various security vulnerabilities.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9536c7cb79 2026-06-27 00:54:50.049657+00:00 -------------------------------------------------------------------------------- Name : python-jupyter-server Product : Fedora 43 Version : 2.19.0 Release : 2.fc43 URL : https://jupyter-server.readthedocs.io Summary : The backend for Jupyter web applications Description : The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. -------------------------------------------------------------------------------- Update Information: New version of jupyter-server fixing various security vulnerabilities. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 4 2026 Python Maint - 2.19.0-2 - Rebuilt for Python 3.15 * Mon Jun 1 2026 Lumir Balhar - 2.19.0-1 - Update to 2.19.0 (rhbz#2483209) * Mon May 11 2026 Lumir Balhar - 2.18.2-1 - Update to 2.18.2 (rhbz#2466683) * Tue May 5 2026 Lumir Balhar - 2.18.0-1 - Update to 2.18.0 (rhbz#2465646) * Tue Apr 14 2026 Tomáš Hrnčiar - 2.17.0-5 - Raise pytest upper bound to allow pytest 9 * Fri Mar 20 2026 Lumir Balhar - 2.17.0-4 - Ignore deprecation warnings from ptyprocess:pty to fix build with Python 3.15 alpha 7 * Sat Jan 17 2026 Fedora Release Engineering - 2.17.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484708 - CVE-2026-35397 python-jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484708 [ 2 ] Bug #2484713 - CVE-2026-40934 python-jupyter-server: Jupyter Server: Authentication bypass due tounrotated cookie secret [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484713 [ 3 ] Bug #2485374 - CVE-2026-6657 python-jupyter-server: jupyter-server: Arbitrary code execution due to CORS origin validation bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2485374 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9536c7cb79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update for python-jupyter-server in Fedora 43 addresses critical security flaws for enhanced safety.. python jupyter server, Fedora 43, security update, fix vulnerabilities, software patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Fedora
100

SUSE Himmelblau Important Authentication Bypass Fix 2026-22186-1

An update that solves one vulnerability can now be installed.. # Security update for himmelblau Announcement ID: SUSE-SU-2026:22186-1 Release Date: 2026-06-19T17:10:10Z Rating: important References: * bsc#1266662 Cross-References: * CVE-2026-45108 CVSS scores: * CVE-2026-45108 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L * CVE-2026-45108 ( NVD ): 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for himmelblau fixes the following issue * CVE-2026-45108: authentication bypass vulnerability in the Device Authorization Grant (DAG) flow (bsc#1266662). Changes for himmelblau: * Update to version 2.3.11+git1.116c6763: * Update cargo vet audits for backport * deps(rust): bump the all-cargo-updates group with 19 updates * Update to version 2.3.10: * nss/pam: bail out early when SYSTEMD_ACTIVATION_UNIT points to himmelblau * selinux: allow unconfined_service_t to search himmelblaud_t dirs ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-976=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-976=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * himmelblau-sso-2.3.11+git1.116c6763-160000.1.1 * himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sso-debuginfo-2.3.11+git1.116c6763-160000.1.1 * pam-himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-debuginfo-2.3.11+git1.116c6763-160000.1.1 * libnss_himmelblau2-2.3.11+git1.116c6763-160000.1.1 * SUSE Linux Enterprise Server for SAPapplications 16.0 (noarch) * himmelblau-qr-greeter-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sshd-config-2.3.11+git1.116c6763-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * himmelblau-sso-2.3.11+git1.116c6763-160000.1.1 * himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sso-debuginfo-2.3.11+git1.116c6763-160000.1.1 * pam-himmelblau-2.3.11+git1.116c6763-160000.1.1 * himmelblau-debuginfo-2.3.11+git1.116c6763-160000.1.1 * libnss_himmelblau2-2.3.11+git1.116c6763-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * himmelblau-qr-greeter-2.3.11+git1.116c6763-160000.1.1 * himmelblau-sshd-config-2.3.11+git1.116c6763-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-45108.html * https://bugzilla.suse.com/show_bug.cgi?id=1266662 . Important security update for himmelblau affects SUSE Enterprise Server, addressing an authentication bypass issue.. SUSE security update,himmelblau authentication bypass,SUSE Linux Enterprise Server,security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 23, 2026 Important SuSE
219

Rocky Linux 9 Important fence-agents Auth Bypass RLSA-2026 CVE-2026-48526

Important: fence-agents security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26206", "synopsis": "Important: fence-agents security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for fence-agents.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens (CVE-2026-48526)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2482734", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734", "description": ""}], "cves": [{"name": "CVE-2026-48526", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48526", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.4", "cwe": "CWE-347"}], "references": [], "publishedAt": "2026-06-17T12:03:08.073041Z", "rpms": {"Rocky Linux 9": {"nvras": ["fence-agents-0:4.10.0-110.el9_8.3.src.rpm", "fence-agents-aliyun-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-all-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-amt-ws-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-apc-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-apc-snmp-0:4.10.0-110.el9_8.3.noarch.rpm","fence-agents-aws-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-azure-arm-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-bladecenter-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-brocade-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-cisco-mds-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-cisco-ucs-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-common-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-compute-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-compute-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-debugsource-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-drac5-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-eaton-snmp-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-emerson-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-eps-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-gce-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-heuristics-ping-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-hpblade-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ibmblade-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ibm-powervs-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ibm-vpc-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ifmib-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo2-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo-moonshot-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo-mp-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ilo-ssh-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-intelmodular-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ipdu-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-ipmilan-0:4.10.0-110.el9_8.3.noarch.rpm","fence-agents-kdump-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kdump-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kdump-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kdump-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kdump-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kubevirt-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-kubevirt-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-lpar-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-mpath-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-nutanix-ahv-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-openstack-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-openstack-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.aarch64.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.ppc64le.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.s390x.rpm", "fence-agents-redfish-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-agents-rhevm-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-rsa-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-rsb-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-sbd-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-scsi-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-virsh-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-vmware-rest-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-vmware-soap-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-wti-0:4.10.0-110.el9_8.3.noarch.rpm", "fence-agents-zvm-0:4.10.0-110.el9_8.3.s390x.rpm","fence-virt-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-cpg-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-cpg-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virt-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-libvirt-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-libvirt-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-multicast-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-multicast-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-serial-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-serial-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-tcp-0:4.10.0-110.el9_8.3.x86_64.rpm", "fence-virtd-tcp-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm", "ha-cloud-support-0:4.10.0-110.el9_8.3.ppc64le.rpm", "ha-cloud-support-0:4.10.0-110.el9_8.3.x86_64.rpm", "ha-cloud-support-debuginfo-0:4.10.0-110.el9_8.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for fence-agents on Rocky Linux addresses authentication bypass issues and fixes a CVE.. fence agents security, rocky linux update, important security fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 17, 2026 Important Rocky Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200