Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Tumbleweed aardvark-dns Moderate CVE-2026-35406

An update that solves one vulnerability can now be installed.

# aardvark-dns-1.17.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10570-1
Rating: moderate

Cross-References:

* CVE-2026-35406

CVSS scores:

* CVE-2026-35406 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35406 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the aardvark-dns-1.17.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * aardvark-dns 1.17.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35406.html

Aardvark DNS update on openSUSE addresses moderate vulnerability CVE-2026-35406, enhancing system security.

openSUSE aardvark dns update security availability CVE-2026-35406.

LinuxSecurity.com Team

Apr 19, 2026 OpenSUSE

openSUSE: python310 Moderate DoS Availability Issues 2026:0130-1

An update that solves three vulnerabilities can now be installed.

# Security update for python310

Announcement ID: SUSE-SU-2026:0130-1
Release Date: 2026-01-15T13:11:13Z
Rating: moderate

References:

* bsc#1254400
* bsc#1254401
* bsc#1254997

Cross-References:

* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837

CVSS scores:

* CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997).
* CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400).
* CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4: `zypper in -t patch SUSE-2026-130=1`
* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2026-130=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * python310-base-debuginfo-3.10.19-150400.4.94.1
  * python310-curses-3.10.19-150400.4.94.1
  * python310-debugsource-3.10.19-150400.4.94.1
  * python310-base-3.10.19-150400.4.94.1
  * python310-testsuite-3.10.19-150400.4.94.1
  * python310-tk-debuginfo-3.10.19-150400.4.94.1
  * python310-doc-devhelp-3.10.19-150400.4.94.1
  * python310-curses-debuginfo-3.10.19-150400.4.94.1
  * python310-testsuite-debuginfo-3.10.19-150400.4.94.1
  * python310-3.10.19-150400.4.94.1
  * python310-doc-3.10.19-150400.4.94.1
  * libpython3_10-1_0-debuginfo-3.10.19-150400.4.94.1
  * python310-dbm-debuginfo-3.10.19-150400.4.94.1
  * python310-tk-3.10.19-150400.4.94.1
  * python310-idle-3.10.19-150400.4.94.1
  * python310-devel-3.10.19-150400.4.94.1
  * python310-core-debugsource-3.10.19-150400.4.94.1
  * python310-dbm-3.10.19-150400.4.94.1
  * python310-tools-3.10.19-150400.4.94.1
  * libpython3_10-1_0-3.10.19-150400.4.94.1
  * python310-debuginfo-3.10.19-150400.4.94.1
* openSUSE Leap 15.4 (x86_64)
  * python310-32bit-3.10.19-150400.4.94.1
  * python310-base-32bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-32bit-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-3.10.19-150400.4.94.1
  * python310-32bit-debuginfo-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-debuginfo-3.10.19-150400.4.94.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * python310-64bit-3.10.19-150400.4.94.1
  * python310-64bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-64bit-3.10.19-150400.4.94.1
  * libpython3_10-1_0-64bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-64bit-debuginfo-3.10.19-150400.4.94.1
  * libpython3_10-1_0-64bit-3.10.19-150400.4.94.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python310-base-debuginfo-3.10.19-150400.4.94.1
  * python310-curses-3.10.19-150400.4.94.1
  * python310-debugsource-3.10.19-150400.4.94.1
  * python310-base-3.10.19-150400.4.94.1
  * python310-testsuite-3.10.19-150400.4.94.1
  * python310-tk-debuginfo-3.10.19-150400.4.94.1
  * python310-doc-devhelp-3.10.19-150400.4.94.1
  * python310-curses-debuginfo-3.10.19-150400.4.94.1
  * python310-testsuite-debuginfo-3.10.19-150400.4.94.1
  * python310-3.10.19-150400.4.94.1
  * python310-doc-3.10.19-150400.4.94.1
  * libpython3_10-1_0-debuginfo-3.10.19-150400.4.94.1
  * python310-dbm-debuginfo-3.10.19-150400.4.94.1
  * python310-tk-3.10.19-150400.4.94.1
  * python310-idle-3.10.19-150400.4.94.1
  * python310-devel-3.10.19-150400.4.94.1
  * python310-core-debugsource-3.10.19-150400.4.94.1
  * python310-dbm-3.10.19-150400.4.94.1
  * python310-tools-3.10.19-150400.4.94.1
  * libpython3_10-1_0-3.10.19-150400.4.94.1
  * python310-debuginfo-3.10.19-150400.4.94.1
* openSUSE Leap 15.6 (x86_64)
  * python310-32bit-3.10.19-150400.4.94.1
  * python310-base-32bit-debuginfo-3.10.19-150400.4.94.1
  * python310-base-32bit-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-3.10.19-150400.4.94.1
  * python310-32bit-debuginfo-3.10.19-150400.4.94.1
  * libpython3_10-1_0-32bit-debuginfo-3.10.19-150400.4.94.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997

This update addresses three moderate issues in python310, including DoS risks and memory consumption.

python310 update, SUSE security, openSUSE vulnerabilities.

LinuxSecurity.com Team

Jan 15, 2026 SuSE

openSUSE: python39 Moderate Update for Availability DoS Issues 2025:4522-1

An update that solves three vulnerabilities can now be installed.

# Security update for python39

Announcement ID: SUSE-SU-2025:4522-1
Release Date: 2025-12-26T10:35:06Z
Rating: moderate

References:

* bsc#1254400
* bsc#1254401
* bsc#1254997

Cross-References:

* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837

CVSS scores:

* CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997).
* CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400).
* CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3: `zypper in -t patch SUSE-2025-4522=1`
* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2025-4522=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * python39-devel-3.9.25-150300.4.90.1
  * python39-debuginfo-3.9.25-150300.4.90.1
  * libpython3_9-1_0-3.9.25-150300.4.90.1
  * python39-tools-3.9.25-150300.4.90.1
  * python39-doc-devhelp-3.9.25-150300.4.90.1
  * python39-dbm-debuginfo-3.9.25-150300.4.90.1
  * python39-base-3.9.25-150300.4.90.1
  * python39-curses-debuginfo-3.9.25-150300.4.90.1
  * python39-idle-3.9.25-150300.4.90.1
  * python39-debugsource-3.9.25-150300.4.90.1
  * libpython3_9-1_0-debuginfo-3.9.25-150300.4.90.1
  * python39-doc-3.9.25-150300.4.90.1
  * python39-tk-3.9.25-150300.4.90.1
  * python39-core-debugsource-3.9.25-150300.4.90.1
  * python39-testsuite-debuginfo-3.9.25-150300.4.90.1
  * python39-base-debuginfo-3.9.25-150300.4.90.1
  * python39-3.9.25-150300.4.90.1
  * python39-curses-3.9.25-150300.4.90.1
  * python39-tk-debuginfo-3.9.25-150300.4.90.1
  * python39-testsuite-3.9.25-150300.4.90.1
  * python39-dbm-3.9.25-150300.4.90.1
* openSUSE Leap 15.3 (x86_64)
  * libpython3_9-1_0-32bit-3.9.25-150300.4.90.1
  * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.90.1
  * python39-base-32bit-3.9.25-150300.4.90.1
  * python39-32bit-debuginfo-3.9.25-150300.4.90.1
  * python39-base-32bit-debuginfo-3.9.25-150300.4.90.1
  * python39-32bit-3.9.25-150300.4.90.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.90.1
  * libpython3_9-1_0-64bit-3.9.25-150300.4.90.1
  * python39-base-64bit-3.9.25-150300.4.90.1
  * python39-64bit-debuginfo-3.9.25-150300.4.90.1
  * python39-base-64bit-debuginfo-3.9.25-150300.4.90.1
  * python39-64bit-3.9.25-150300.4.90.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python39-devel-3.9.25-150300.4.90.1
  * python39-debuginfo-3.9.25-150300.4.90.1
  * libpython3_9-1_0-3.9.25-150300.4.90.1
  * python39-tools-3.9.25-150300.4.90.1
  * python39-doc-devhelp-3.9.25-150300.4.90.1
  * python39-dbm-debuginfo-3.9.25-150300.4.90.1
  * python39-base-3.9.25-150300.4.90.1
  * python39-curses-debuginfo-3.9.25-150300.4.90.1
  * python39-idle-3.9.25-150300.4.90.1
  * python39-debugsource-3.9.25-150300.4.90.1
  * libpython3_9-1_0-debuginfo-3.9.25-150300.4.90.1
  * python39-doc-3.9.25-150300.4.90.1
  * python39-tk-3.9.25-150300.4.90.1
  * python39-core-debugsource-3.9.25-150300.4.90.1
  * python39-testsuite-debuginfo-3.9.25-150300.4.90.1
  * python39-base-debuginfo-3.9.25-150300.4.90.1
  * python39-3.9.25-150300.4.90.1
  * python39-curses-3.9.25-150300.4.90.1
  * python39-tk-debuginfo-3.9.25-150300.4.90.1
  * python39-testsuite-3.9.25-150300.4.90.1
  * python39-dbm-3.9.25-150300.4.90.1
* openSUSE Leap 15.6 (x86_64)
  * libpython3_9-1_0-32bit-3.9.25-150300.4.90.1
  * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.90.1
  * python39-base-32bit-3.9.25-150300.4.90.1
  * python39-32bit-debuginfo-3.9.25-150300.4.90.1
  * python39-base-32bit-debuginfo-3.9.25-150300.4.90.1
  * python39-32bit-3.9.25-150300.4.90.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997

This update for python39 addresses three vulnerabilities leading to potential availability and DoS issues.

security advisory, openSUSE, python39 vulnerabilities, moderate update, SUSE patch.

LinuxSecurity.com Team

Dec 26, 2025 OpenSUSE

openSUSE Leap: python39 Moderate DoS Issues SUSE-SU-2025:4522-1

An update that solves three vulnerabilities can now be installed.

SUSE update 2025:4522-1 addresses moderate security issues in python39, ensuring system stability and reliability.

python39 security patch, suse advisory, openSUSE update, software vulnerabilities, moderate severity.

LinuxSecurity.com Team

Dec 26, 2025 SuSE

Debian 11: ruby-sidekiq DLA-4407-1 CVE-2021-30151 XSS Risk

ruby-sidekiq, a simple, efficient background processing for Ruby, had a couple of vulnerabilities as follows: CVE-2021-30151 Sidekiq allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

Debian LTS Advisory DLA-4407-1
https://www.debian.org/lts/security/
Utkarsh Gupta
December 15, 2025
https://wiki.debian.org/LTS

Package : ruby-sidekiq
Version : 6.0.4+dfsg-2+deb11u1
CVE ID : CVE-2021-30151 CVE-2022-23837
Debian Bug : z987354 1004193

ruby-sidekiq, a simple, efficient background processing for Ruby, had a couple of vulnerabilities as follows:

CVE-2021-30151: Sidekiq allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

CVE-2022-23837: In api.rb in Sidekiq, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

For Debian 11 bullseye, these problems have been fixed in version 6.0.4+dfsg-2+deb11u1.

We recommend that you upgrade your ruby-sidekiq packages.

For the detailed security status of ruby-sidekiq please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/ruby-sidekiq

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ensure ruby-sidekiq is updated to address XSS and system overload issues revealed in current advisories.

Debian LTS, ruby-sidekiq, security update.

Severity: Important.

LinuxSecurity.com Team

Dec 15, 2025 Important Debian LTS

Ubuntu 23.10: USN-6638-1 Moderate: EDK II Buffer Overflow Issues

Several security issues were fixed in EDK II.

==========================================================================
Ubuntu Security Notice USN-6638-1
February 15, 2024

edk2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in EDK II.

Software Description:

- edk2: UEFI firmware for virtual machines

Details:

Marc Beatove discovered buffer overflows exist in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765)

It was discovered that buffer overflows exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution. (CVE-2023-45230, CVE-2023-45234, CVE-2023-45235)

It was discovered that an out-of-bounds read exists in EDK2's Network Package. An attacker on the local network could potentially use this to impact confidentiality. (CVE-2023-45231)

It was discovered that infinite loops exist in EDK2's Network Package. An attacker on the local network could potentially use these to impact availability. (CVE-2023-45232, CVE-2023-45233)

Mate Kukri discovered that an insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. An attacker could use this to bypass Secure Boot. (CVE-2023-48733)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  efi-shell-aa64 2023.05-2ubuntu0.1
  efi-shell-arm 2023.05-2ubuntu0.1
  efi-shell-x64 2023.05-2ubuntu0.1
  ovmf 2023.05-2ubuntu0.1
  qemu-efi-aarch64 2023.05-2ubuntu0.1
  qemu-efi-arm 2023.05-2ubuntu0.1

Ubuntu 22.04 LTS:
  ovmf 2022.02-3ubuntu0.22.04.2
  qemu-efi 2022.02-3ubuntu0.22.04.2
  qemu-efi-aarch64 2022.02-3ubuntu0.22.04.2
  qemu-efi-arm 2022.02-3ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  ovmf 0~20191122.bd85bf54-2ubuntu3.5
  qemu-efi 0~20191122.bd85bf54-2ubuntu3.5
  qemu-efi-aarch64 0~20191122.bd85bf54-2ubuntu3.5
  qemu-efi-arm 0~20191122.bd85bf54-2ubuntu3.5

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-6638-1
  CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-48733
  https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137

Package Information:

  https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.5

A range of vulnerabilities concerning Ubuntu's EDK II firmware has been addressed, leading to enhanced overall system protection.

EDK II Issues, Ubuntu Security Fixes, UEFI Firmware Updates.

LinuxSecurity.com Team

Feb 15, 2024 Ubuntu

Mageia 8: MGASA-2023-0004 Critical: FFmpeg Null Pointer Dereference

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. (CVE-2022-3109)

MGASA-2023-0004 - Updated ffmpeg packages fix security vulnerability

Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0004.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-3109

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. (CVE-2022-3109)

References:

- https://bugs.mageia.org/show_bug.cgi?id=31361
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013408.html
- https://www.cve.org/CVERecord?id=CVE-2022-3109

SRPMS:

- 8/tainted/ffmpeg-4.3.5-1.1.mga8.tainted
- 8/core/ffmpeg-4.3.5-1.1.mga8

Mageia 2023-0005 resolves a significant vulnerability in libarchive linked to buffer overflow issues. Patch immediately.

ffmpeg Security, Mageia Updates, null pointer issue.

Severity: Critical.

LinuxSecurity.com Team

Jan 13, 2023 Critical Mageia

Mageia: 2021-0287 Critical Samba and LDB Flaws Affecting Availability

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability (CVE-2020-27840).

MGASA-2021-0287 - Updated samba and ldb packages fix security vulnerabilities

Publication date: 25 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0287.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-27840, CVE-2021-20254, CVE-2021-20277

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability (CVE-2020-27840).

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20254).

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability (CVE-2021-20277).

Also, the samba package for Mageia 7 fixes a scriptlet issue when updating.

Additionally, the sssd package has been rebuilt for the updated ldb package.

References:

- https://bugs.mageia.org/show_bug.cgi?id=28686
- https://bugs.mageia.org/show_bug.cgi?id=28042
- https://www.cve.org/CVERecord?id=CVE-2020-27840
- https://www.cve.org/CVERecord?id=CVE-2021-20254
- https://www.cve.org/CVERecord?id=CVE-2021-20277

SRPMS:

- 8/core/ldb-2.1.5-1.mga8
- 8/core/samba-4.12.15-1.mga8
- 8/core/sssd-2.4.0-1.1.mga8
- 7/core/ldb-1.5.8-1.1.mga7
- 7/core/samba-4.10.18-1.3.mga7
- 7/core/sssd-1.16.3-3.3.mga7

Mageia 2021-0287 resolves significant vulnerabilities in samba and ldb that could compromise system stability and data security.

Samba Security, LDB Security, Mageia Updates, System Availability, Data Integrity.

Severity: Critical.

LinuxSecurity.com Team

Jun 25, 2021 Critical Mageia