Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.. openSUSE security update: security update for tomcat11 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21329-1 Rating: moderate References: * bsc#1232390 * bsc#1269791 * bsc#1269824 * bsc#1269907 * bsc#1269908 * bsc#1269909 * bsc#1269910 Cross-References: * CVE-2026-50229 * CVE-2026-53404 * CVE-2026-53434 * CVE-2026-55276 * CVE-2026-55955 * CVE-2026-55956 CVSS scores: * CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed. Description: This update for tomcat11 fixes the following issues Update to Tomcat 11.0.23. Security issues fixed: - CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791). - CVE-2026-53404:always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be skipped if the first condition in an OR chain matched (bsc#1269910). - CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824). - CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints to not be included when the effective web.xml was logged (bsc#1269909). - CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster component (bsc#1269908). - CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint (bsc#1269907). Other updates and bugfixes: - Upgrade libtcnative to v2 (bsc#1232390) - Tomcat 11.0.23: * Catalina + Add: Add support for literal '%' characters in access log output. Based on pull request #1002 by Fabian Hahn. (markt) + Fix: Lower the log level to debug when OpenSSL initialization fails in OpenSSLLifecycleListener to avoid stack traces when libssl.so is not present and to align the behavior of the isAvailable() check with the AprLifecycleListener and gracefully fail when natives are not present. (csutherl) + Fix: 70038: Cookie.clone() should also clone the internal attribute map. (markt) + Code: Remove unnecessary code from the SSI processing engine that was duplicating some of the normalisation checks. (markt) + Fix: Cleaner handling of invalid SPNEGO tokens. (remm) + Fix: Avoid some NPEs in the Connector class on an uninitialize protocol. (remm) + Fix: Incorrect session average life calculation. (remm) + Fix: Improve robustness on using Pipeline.setBasic on a running pipeline. (remm) + Fix: Avoid any init parameter updates when conflicts are found for filters, similar to what is done for servlets, as required by theservlet specification. (remm) + Fix: Fix container event cleanups in some edge cases. (remm) + Fix: Check for last-modified header in ExpiresFilter when a servlet uses addDateHeader to avoid wrongly considering it has been set. (remm) + Fix: Fix hour unit used by ExpiresFilter. (remm) + Fix: Remove exception swallowing in DataSourceStore to align it with FileStore and avoid session loss on errors. (remm) + Fix: Add support for single-quote escaped literal as well as quoted literals in DateFormatCache. (schultz) + Fix: On JAAS logout, clear out role principals on the subject that were added on commit, as recommended by the JAAS specification. (remm) + Fix: MemoryRealm should not add a dummy role when none is specified in the configuration. (remm) + Fix: DataSourceUserDatabase should return a null principal on a non existing user. (remm) + Fix: Fix shared lock expiration in WebDAV. (remm) + Fix: Inaccurate session exipration statistics when using the persistent manager. (remm) + Fix: Skip BOM when serving files with UTF-32 encoding. (remm) + Fix: Mixup of WrapperListener and WrapperLifecycle elements in storeconfig. (remm) + Fix: Incorrect processing of modified users in DataSourceUserDatabase. (remm) + Update: Clarify behavior in the UserDatabase for user, role and group creation that it does not immediately override existing elements. Removal (or update) needs to be used instead. (remm) + Fix: 70049: Align the web application class loader with parent class loaders and swallow any errors caused by invalid paths when looking up resources and behave as if the resources were not found in that case. (markt) + Fix: Improve validation of Range and Content-Range parsers so invalid ranges trigger a 4xx response rather than a 500 response. Pull request #1012 provided by Sahana Surendra Bogar. (markt) + Fix: Fix connection leak in ProxyErrorReportValve.(remm) + Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off rather than true or false to align with httpd. (markt) + Fix: Reset the encoding used for query string parameters between requests in case an application changed the encoding in a previous request. (markt) + Fix: When encoding URLs with the CsrfPreventionFilter, don't add the nonce to URLs that are known not to require it. (markt) + Fix: Fix SSO cookie partitioned configuration. (remm) + Fix: Fix CombinedRealm isAvailable, it allows authentication if at least one sub realm is available. (remm) + Fix: 70048: Correctly handle asynchronous requests in PersistentValve. (markt) + Fix: Improve the detection of cross-context dispatches when using a RequestDispatcher. (markt) + Fix: Fix various instances of double decoding of URL patterns configured either programmatically or in web.xml. (remm/markt) + Fix: Align the rewrite conditions ornext flag processing with mod_rewrite, which follows a purely sequential evaluation strategy. (remm) + Fix: Update default web.xml version to match supported Servlet specification version. (markt) + Fix: Change the default for the useRedirect attribute of the ProxyErrorReportValve from true to false. (markt) + Add: Add support for the showReport attribute in JsonErrorReportValve and ProxyErrorReportValve. When set to false, detailed error information (message, description, stack trace) is suppressed from error responses. (dsoumis) + Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar is removed but catalina-ha.jar is present and the Cluster element is enabled in server.xml. Cluster digester rules are now fully conditional on both JARs being available. (dsoumis) + Fix: Fix a potential deadlock when copying resources using WebDAV. (markt) + Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list of reserved prefixesfor SSI variables and request attributes. (markt) + Fix: Missing URL decoding when processing addMapping on a Servlet registration. (remm) + Fix: The Timeout WebDAV header allows comma separated values (according to the examples in the RFC). Use the first acceptable value. (remm) + Fix: Fix various issues when logging the effective web.xml for a web application. Empty sections are no longer logged. Special roles and empty authorisation constraints are included. All session cookie attributes are included. (markt) + Fix: Expand the write lock for the save process in the MemoryUserDatabase to avoid concurrency issues with the file save operations. (markt) + Fix: Ensure atomic session persistence in FileStore. Based on pull request #1016 by sahvx655-wq. (markt) + Fix: Do not ignore methods configured on security constraints that map to the default servlet. (markt) * Cluster + Fix: Expand wording and increase visibility of log message when cloud membership is configured without a trust store as all certificates will be trusted in this configuration. (markt) + Fix: Ensure listeners are correctly added and removed when configuring the channel coordinator. (markt) + Fix: Fix some concurrency issues in FragmentationInterceptor. (markt) + Fix: Fix some concurrency issues in OrderInterceptor. (markt) + Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt) + Fix: Fix concurrency issues generating MD5 digests in the CloudMembershipProvider implementations. (markt) + Add: Add replay protection to the EncryptInterceptor. This us a breaking change for the EncryptInterceptor.(markt) * Coyote + Add: Log a suitable warning if an encrypted PEM file is detected using an insecure form for encryption. (markt) + Fix: If TLS groups have been configured, use the configured groups rather than using OpenSSL's default TLS groups when using Tomcat Native with OpenSSLbased connectors. (markt) + Fix: For HTTP/2, ensure that any in progress request body reads are cancelled if the container resets the associated stream. This prevents delays waiting for reads to time out when it is known that no more data will be received. (markt) + Fix: Ensure that malformed HTTP/2 messages that should trigger a stream reset do so, rather than triggered a connection close. (markt) + Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm) + Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2, following refactor clean-up of header buffer. (remm) + Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm) + Fix: Fix MessageByte.equals if called on a null MB. (remm) + Fix: Call the delegate key manager in JSSE to retrieve the server key. (remm) + Fix: Avoid overflow scenarios in Asn1Parser. (remm) + Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that allows the consistency check for the scheme provided by the user agent to be bypassed. (markt) + Fix: isTrailerFieldsReady was always returning true. (remm) + Fix: Align OpenSSL/Panama TLS implementation with other implementations and throw an exception if there is an error loading the provided CRL(s). (markt) + Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if @STRENGTH was encountered, ignoring any subsequent expressions. (markt) + Fix: Handle the case where the HTTP/2 payload length is insufficient for the mandatory data required by the flags set in the header. (markt) + Fix: 70102: Correct expected size of ticket keys when calling setSessionTicketKeys with an FFM connector. (markt) + Fix: 69988: Fix post handshake authentication for TLS 1.3. It was broken by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt) + Fix: When processing an OpenSSL cipher specification, fully align the order of theresulting ciphers with the order produced by OpenSSL. (markt) + Add: Add support for Brainpool TLS groups. Patch provided by YStankov. (schultz) + Update: Update both the minimum and recommended version for Tomcat Native 2.x to 2.0.15. (markt) + Update: Update the minimum version for Tomcat Native 1.x to 1.3.8. (markt) * Jasper + Fix: Fix possible EL argument mismatch when it was set to null. (remm) + Fix: Fix thread safety of TagPluginManager. (remm) + Fix: Correctly use flush on JSP include. (remm) * Web applications + Add: Manager: Add checks to ensure that any uploaded files are uploaded to the expected location. (markt) + Add: Manager: Add checks to ensure that the requested context path for a deployed WAR, directory or descriptor file is valid. (markt) + Add: Documentation: Expand the description of some of the attributes of the CrawlerSessionManagerValve. (markt) + Fix: Documentation: Clearer description and correct documented default for ocspSoftFail. (markt) + Fix: Fix double escaping in the context names for the JSON mode of the manager servlet. (remm) + Fix: Manager: Ensure automatic deployment does not trigger an undeployment during a Manager triggered web application reload. (markt) + Fix: Documentation: Provide better documentation for the scheme and secure attributes of a Connector. (markt) * Websocket + Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm) + Fix: Trigger standard WebSocket error handling if a call to Endpoint.onOpen() fails for a programmatic endpoint. (markt) + Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a programmatic endpoint. Test case provided by uabdur. (markt) + Fix: If a client presents invalid parameters when negotiating a WebSocket extension, decline the negotiation offer that includes the invalid parameters rather than failing the connection. Pull request #1019 provided by sahvx655-wq. (markt) * Other + Fix: Use per connection authenticator when executing an Ant task. (remm/markt) + Update: Update Commons Daemon to 1.6.1. (markt) + Fix: Prevent duplicate log messages when clustering JARs are not present on startup. (csutherl) + Update: Improvements to French translations. (remm) + Update: Improvements to Japanese translations provided by tak7iji. (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.12. (markt) + Update: Update Tomcat Native to 2.0.15. (markt) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1233=1 Package List: - openSUSE Leap 16.0: tomcat11-11.0.23-160000.1.1 tomcat11-admin-webapps-11.0.23-160000.1.1 tomcat11-doc-11.0.23-160000.1.1 tomcat11-docs-webapp-11.0.23-160000.1.1 tomcat11-el-6_0-api-11.0.23-160000.1.1 tomcat11-embed-11.0.23-160000.1.1 tomcat11-jsp-4_0-api-11.0.23-160000.1.1 tomcat11-jsvc-11.0.23-160000.1.1 tomcat11-lib-11.0.23-160000.1.1 tomcat11-servlet-6_1-api-11.0.23-160000.1.1 tomcat11-webapps-11.0.23-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-50229.html * https://www.suse.com/security/cve/CVE-2026-53404.html * https://www.suse.com/security/cve/CVE-2026-53434.html * https://www.suse.com/security/cve/CVE-2026-55276.html * https://www.suse.com/security/cve/CVE-2026-55955.html * https://www.suse.com/security/cve/CVE-2026-55956.html . Install the latest openSUSE security update for tomcat11 to resolve six issues, ensuring system integrity and safety.. openSUSE security update, tomcat11 vulnerabilities, moderate severity, security issues fixed. . Severity: moderate. LinuxSecurity.com Team
An update that solves 10 vulnerabilities can now be installed.. # libmbedtls23-4.2.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11215-1 Rating: moderate Cross-References: * CVE-2026-25832 * CVE-2026-49300 * CVE-2026-50579 * CVE-2026-50580 * CVE-2026-50581 * CVE-2026-50585 * CVE-2026-50586 * CVE-2026-50588 * CVE-2026-50640 * CVE-2026-54441 Affected Products: * openSUSE Tumbleweed An update that solves 10 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * libmbedtls23 4.2.0-1.1 * libmbedtls23-x86-64-v3 4.2.0-1.1 * libmbedx509-9 4.2.0-1.1 * libmbedx509-9-x86-64-v3 4.2.0-1.1 * libtfpsacrypto2 4.2.0-1.1 * libtfpsacrypto2-x86-64-v3 4.2.0-1.1 * mbedtls-devel 4.2.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25832.html * https://www.suse.com/security/cve/CVE-2026-49300.html * https://www.suse.com/security/cve/CVE-2026-50579.html * https://www.suse.com/security/cve/CVE-2026-50580.html * https://www.suse.com/security/cve/CVE-2026-50581.html * https://www.suse.com/security/cve/CVE-2026-50585.html * https://www.suse.com/security/cve/CVE-2026-50586.html * https://www.suse.com/security/cve/CVE-2026-50588.html * https://www.suse.com/security/cve/CVE-2026-50640.html * https://www.suse.com/security/cve/CVE-2026-54441.html . Ten vulnerabilities fixed in openSUSE Tumbleweed's libmbedtls23-4.2.0-1.1 package enhance system security.. opensuse security update, libmbedtls23 vulnerabilities, operating system patch. . Severity: moderate. LinuxSecurity.com Team
Two security vulnerabilities were discovered in OpenVPN, a virtual private network application. CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction allows authenticated attackers to trigger a fatal. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4653-1
Several security issues were fixed in Tomcat.. ========================================================================== Ubuntu Security Notice USN-8450-1 June 18, 2026 tomcat11 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat11: Servlet and JSP engine Details: It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. (CVE-2026-41284) It was discovered that Tomcat incorrectly validated HTTP/2 header fields. A remote attacker could use this issue to cause Tomcat to crash or possibly execute arbitrary code. (CVE-2026-41293) It was discovered that Tomcat did not properly clear HTTP authentication headers during WebSocket connection upgrades and redirects. A remote attacker could possibly use this issue to obtain sensitive credentials. (CVE-2026-42498) It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libtomcat11-embed-java 11.0.18-1ubuntu0.1~esm1 Available with Ubuntu Pro libtomcat11-java 11.0.18-1ubuntu0.1~esm1 Available with Ubuntu Pro tomcat11 11.0.18-1ubuntu0.1~esm1 Available with Ubuntu Pro After a standard system update you need to restart Tomcat to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8450-1 CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43515 . Several critical issues in Tomcat on Ubuntu were fixed to prevent potential remote attacks and denial of service.. Tomcat security, Ubuntu updates, remote code execution, denial of service, authentication flaws. . Severity: Critical. LinuxSecurity.com Team
An update that solves 11 vulnerabilities and has one fix can now be installed.. # Security update for openssl-3 Announcement ID: SUSE-SU-2026:22132-1 Release Date: 2026-06-11T12:41:55Z Rating: important References: * bsc#1230698 * bsc#1260446 * bsc#1261678 * bsc#1266340 * bsc#1266341 * bsc#1266342 * bsc#1266344 * bsc#1266349 * bsc#1266353 * bsc#1266355 * bsc#1266356 * bsc#1266357 Cross-References: * CVE-2024-41996 * CVE-2026-28390 * CVE-2026-34180 * CVE-2026-34182 * CVE-2026-42766 * CVE-2026-42770 * CVE-2026-45445 * CVE-2026-45446 * CVE-2026-45447 * CVE-2026-7383 * CVE-2026-9076 CVSS scores: * CVE-2024-41996 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-41996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34180 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-34180 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34182 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34182 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42766 ( SUSE ): 6.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42766 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42766 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H *CVE-2026-42770 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42770 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N * CVE-2026-42770 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-45445 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-45445 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-45445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-45446 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-45446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-45446 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-45447 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45447 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45447 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-7383 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-7383 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-7383 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9076 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-9076 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-9076 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves 11 vulnerabilities and has one fix can now be installed. ## Description: This update for openssl-3 fixes the following issues * CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698). * CVE-2026-7383: Possible Heap Buffer Overflow inASN.1 Multibyte String Conversion (bsc#1266340). * CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341). * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342). * CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344). * CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349). * CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353). * CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355). * CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356). * CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-576=1 ## Package List: * SUSE Linux Micro 6.1 (s390x) * libopenssl-3-fips-provider-debuginfo-3.1.4-slfo.1.1_10.1 * libopenssl3-debuginfo-3.1.4-slfo.1.1_10.1 * openssl-3-3.1.4-slfo.1.1_10.1 * openssl-3-debuginfo-3.1.4-slfo.1.1_10.1 * libopenssl-3-devel-3.1.4-slfo.1.1_10.1 * libopenssl-3-fips-provider-3.1.4-slfo.1.1_10.1 * libopenssl3-3.1.4-slfo.1.1_10.1 * openssl-3-debugsource-3.1.4-slfo.1.1_10.1 ## References: * https://www.suse.com/security/cve/CVE-2024-41996.html * https://www.suse.com/security/cve/CVE-2026-28390.html * https://www.suse.com/security/cve/CVE-2026-34180.html * https://www.suse.com/security/cve/CVE-2026-34182.html * https://www.suse.com/security/cve/CVE-2026-42766.html * https://www.suse.com/security/cve/CVE-2026-42770.html *https://www.suse.com/security/cve/CVE-2026-45445.html * https://www.suse.com/security/cve/CVE-2026-45446.html * https://www.suse.com/security/cve/CVE-2026-45447.html * https://www.suse.com/security/cve/CVE-2026-7383.html * https://www.suse.com/security/cve/CVE-2026-9076.html * https://bugzilla.suse.com/show_bug.cgi?id=1230698 * https://bugzilla.suse.com/show_bug.cgi?id=1260446 * https://bugzilla.suse.com/show_bug.cgi?id=1261678 * https://bugzilla.suse.com/show_bug.cgi?id=1266340 * https://bugzilla.suse.com/show_bug.cgi?id=1266341 * https://bugzilla.suse.com/show_bug.cgi?id=1266342 * https://bugzilla.suse.com/show_bug.cgi?id=1266344 * https://bugzilla.suse.com/show_bug.cgi?id=1266349 * https://bugzilla.suse.com/show_bug.cgi?id=1266353 * https://bugzilla.suse.com/show_bug.cgi?id=1266355 * https://bugzilla.suse.com/show_bug.cgi?id=1266356 * https://bugzilla.suse.com/show_bug.cgi?id=1266357 . SUSE's important security update for openssl-3 addresses multiple vulnerabilities. Install it immediately for protection.. SUSE security update openssl vulnerabilities patch important. . Severity: Important. LinuxSecurity.com Team
An update that solves seven vulnerabilities can now be installed.. # Security update for tomcat11 Announcement ID: SUSE-SU-2026:2374-1 Release Date: 2026-06-11T15:34:50Z Rating: important References: * bsc#1265145 * bsc#1265162 * bsc#1265163 * bsc#1265165 * bsc#1265166 * bsc#1265167 * bsc#1265168 Cross-References: * CVE-2026-41284 * CVE-2026-41293 * CVE-2026-42498 * CVE-2026-43512 * CVE-2026-43513 * CVE-2026-43514 * CVE-2026-43515 CVSS scores: * CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41284 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42498 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43513 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43514 ( NVD ): 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-43515 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: * CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162). * CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163). * CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165). * CVE-2026-43512: digest authenticator will authenticate any unknown user (bsc#1265145). * CVE-2026-43513: LockOutRealm treats user names as case-sensitive (bsc#1265166). * CVE-2026-43514: AJP secret compared in non-constant time (bsc#1265167). * CVE-2026-43515: Security constraints not correctly applied (bsc#1265168). Changes: * Catalina * Add: Enhance version.sh and version.bat to display APR, Tomcat Native, and OpenSSL version information (both APR and FFM implementations), along with version compatibility warnings and third-party library version information. (csutherl) * Code: Refactor generation of the remote user element in the access log to remove unnecessary code. (markt) * Fix: Fix a regression in the previous release that meant ?- could appear in the access log rather than ? when the query string was present but empty. (markt) * Fix: Failed precondition should make WebDAV DELETE fail. #982 submitted by Mahmoud Alarby.(remm) * Fix: Align the escaping in ExtendedAccessLogValve with the other AccessLogValve implementations. (markt) * Fix: 70000: fix duplication of special headers in the response after commit, following fix for 69967. (remm) * Fix: Correct the handling of URIs mapped to a security constraint that only specifies the special ** role for all authenticated users. Requests without authentication were receiving 403 responses rather than 401 responses. (markt) * Fix: Fix a race condition in StandardContext.getServletContext() that could cause the jakarta.servlet.context.tempdir attribute to be lost during a context reload. Make the context field volatile and use locking to ensure only one ApplicationContext instance is created. (dsoumis) * Fix: Update the Windows authentication (kerberos) documentation to reflect that both Java and Windows are removing / have removed support for RC4-HMAC. The guide now uses AES256-SHA1. (markt) * Fix: Add a new initialisation parameter for WebDAV, maxRequestBodySize which limits the size of a WebDAV request body for LOCK and PROPFIND. The default value is 4096 bytes. (markt) * Add: Add a new caseSensitive attribute to the LockOutRealm that controls the manner in which user names are treated when making locking decisions. The default is false, meaning user names are treated in a case insensitive manner. (markt) * Fix: Correct the handling of invalid users with DIGEST authentication. (markt) * Fix: Ensure RealmBase finds all matching extension based security constraints. (markt) * Coyote * Fix: Avoid various edge cases if Content-Length is set via setHeader(String,String) or addHeader(String,String) with an invalid value by always clearing the previous value whether the new value is valid or not and ignoring any invalid new value. (markt) * Code: Refactor the calculation of the real index in the HPACK dynamic header table implementation to reduce code duplication. (markt) * Fix:Fix various minor issues with some HTTP/2 stream error messages for HTTP/2. (markt) * Fix: Consistently reject URIs containing NULL bytes when normalizing. * Fix: Fix a few minor memory leaks on error paths reading TLS keys and certificates when using FFM. (markt) * Fix: Refactor clean-up after HTTP/2 headers have been processed to aid GC after a stream reset. (markt) * Fix: Align HTTP/2 trailer fields with HTTP/1.1 and filter out any fields not permitted in trailers. (markt) * Fix: Free private keys after use in FFM based connector configuration. * Fix: Correct an unlikely edge-case parsing bug in the HTTP/2 HPACK header decoding that could result in a valid header triggering an unexpected connection close. (markt) * Fix: Refactor HTTP/2 HPACK encoding so header field names are only converted to lower case once during the encoding process. (markt) * Fix: Refactor HTTP/2 header field validation so it occurs earlier. Extend validation to check for disallowed characters as well as upper case characters. (markt) * Fix: Add TLS 1.3 groups added in OpenSSL 4.0. (remm) * Fix: Add validation that the HTTP/2 :scheme pseudo-header is consistent with the use (or not) of TLS. (markt) * Fix: Correct the validation of pseudo headers and CONNECT requests to align Tomcat's behaviour with RFC 9113, section 8.5. (markt) * Fix: Fix a potential integer overflow when allocating capacity from a connection level window update to individual HTTP/2 streams. Based on #996 by Mike Tingey Jr. (markt) * Fix: Switch AJP secret comparison to a constant time algorithm. (markt) * WebSocket * Fix: Fix the initial connection to a WebSocket end point where the connection is made via a proxy that requires DIGEST authentication. * Other * Fix: 69993: Update the URL to the CDDL 1.0 license. (markt) * Add: Add warning when OpenSSL binary is not found. (csutherl) * Add: Add check for Tomcat Native library, and log warning when it's not found to make iteasier to see when it's not used by the suite. (csutherl) * Update: Update Byte Buddy to 1.18.8. (markt) * Update: Update Bouncy Castle to 1.84. (markt) * Update: Improvements to French translations. (remm) * Update: Improvements to Japanese translations provided by tak7iji. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2374=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-2374=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2374=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2374=1 ## Package List: * openSUSE Leap 15.6 (noarch) * tomcat11-embed-11.0.22-150600.13.21.1 * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 * tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-docs-webapp-11.0.22-150600.13.21.1 * tomcat11-jsvc-11.0.22-150600.13.21.1 * tomcat11-doc-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 * Web and Scripting Module 15-SP7 (noarch) * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 * tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 *tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * tomcat11-jsp-4_0-api-11.0.22-150600.13.21.1 * tomcat11-lib-11.0.22-150600.13.21.1 * tomcat11-webapps-11.0.22-150600.13.21.1 * tomcat11-servlet-6_1-api-11.0.22-150600.13.21.1 * tomcat11-11.0.22-150600.13.21.1 * tomcat11-admin-webapps-11.0.22-150600.13.21.1 * tomcat11-el-6_0-api-11.0.22-150600.13.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41284.html * https://www.suse.com/security/cve/CVE-2026-41293.html * https://www.suse.com/security/cve/CVE-2026-42498.html * https://www.suse.com/security/cve/CVE-2026-43512.html * https://www.suse.com/security/cve/CVE-2026-43513.html * https://www.suse.com/security/cve/CVE-2026-43514.html * https://www.suse.com/security/cve/CVE-2026-43515.html * https://bugzilla.suse.com/show_bug.cgi?id=1265145 * https://bugzilla.suse.com/show_bug.cgi?id=1265162 * https://bugzilla.suse.com/show_bug.cgi?id=1265163 * https://bugzilla.suse.com/show_bug.cgi?id=1265165 * https://bugzilla.suse.com/show_bug.cgi?id=1265166 * https://bugzilla.suse.com/show_bug.cgi?id=1265167 * https://bugzilla.suse.com/show_bug.cgi?id=1265168 . An update for openSUSE addresses seven important vulnerabilities in tomcat11 including unbounded read and authentication risks.. openSUSE tomcat11 vulnerabilities patch security. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for firewalld Announcement ID: SUSE-SU-2026:2302-1 Release Date: 2026-06-08T15:27:07Z Rating: moderate References: * bsc#1260903 Cross-References: * CVE-2026-4948 CVSS scores: * CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for firewalld fixes the following issue: * CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2302=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2302=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2302=1 ## Package List: * openSUSE Leap 15.4 (noarch) * firewalld-lang-0.9.3-150400.8.15.1 * firewall-applet-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 *firewall-macros-0.9.3-150400.8.15.1 * python3-firewall-0.9.3-150400.8.15.1 * firewall-config-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-firewall-0.9.3-150400.8.15.1 * firewalld-0.9.3-150400.8.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4948.html * https://bugzilla.suse.com/show_bug.cgi?id=1260903 . This advisory details a moderate security update for openSUSE firewalld fixing a D-Bus authentication issue for local users.. firewalld security update, openSUSE vulnerability, D-Bus authentication issue. . Severity: moderate. LinuxSecurity.com Team
MGASA-2026-0140 - Updated perl-HTTP-Tiny packages fix security vulnerability. MGASA-2026-0140 - Updated perl-HTTP-Tiny packages fix security vulnerability Publication date: 15 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0140.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-7010 Description: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. (CVE-2026-7010) References: - https://bugs.mageia.org/show_bug.cgi?id=35521 - https://www.openwall.com/lists/oss-security/2026/05/11/17 - https://metacpan.org/release/HAARG/HTTP-Tiny-0.093-TRIAL/changes - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7010 SRPMS: - 9/core/perl-HTTP-Tiny-0.82.0-1.2.mga9 . Updated perl-HTTP-Tiny packages address serious security flaws in Mageia 9, ensuring better protection against attacks.. Mageia 9 security, perl-HTTP-Tiny updates, HTTP vulnerability fix. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.