Explore top 10 tips to secure your open-source projects now. Read More
×
Several issues were found in the GRUB2 bootloader, which could result in crashes and potentially execution of arbitrary code. These could lead to bypass of UEFI Secure Boot on affected systems. For Debian 11 bullseye, these problems have been fixed in version 2.06-3~deb11u7.. Debian LTS Advisory DLA-4685-1
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for python-pydata-sphinx-theme ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21231-1 Rating: important References: * bsc#1269597 Cross-References: * CVE-2026-13676 CVSS scores: * CVE-2026-13676 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2026-13676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for python-pydata-sphinx-theme fixes the following issues: Changes in python-pydata-sphinx-theme: - CVE-2026-13676: fast-uri: failure to canonicalize Unicode/IDN hostnames for HTTP-family URLs allows for bypass (bsc#1269597) * revendor the vendored tarball with updated versions Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-388=1 Package List: - openSUSE Leap 16.0: python313-pydata-sphinx-theme-0.16.1-bp160.3.1 References: * https://www.suse.com/security/cve/CVE-2026-13676.html . Critical update for openSUSE users addressing a significant issue in python-pydata-sphinx-theme with a security vulnerability.. openSUSE security patch, python package updates, CVE-2026-13676 fix. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for keylime ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21025-1 Rating: moderate References: * bsc#1264265 Cross-References: * CVE-2026-6420 CVSS scores: * CVE-2026-6420 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L * CVE-2026-6420 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for keylime fixes the following issue - CVE-2026-6420: use of hardcoded challenge nonce for TPM quote attestation allows for security bypass (bsc#1264265). Changes for keylime: - Update to version 7.14.2. Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1037=1 Package List: - openSUSE Leap 16.0: keylime-config-7.14.2-160000.1.1 keylime-firewalld-7.14.2-160000.1.1 keylime-logrotate-7.14.2-160000.1.1 keylime-registrar-7.14.2-160000.1.1 keylime-tenant-7.14.2-160000.1.1 keylime-tpm_cert_store-7.14.2-160000.1.1 keylime-verifier-7.14.2-160000.1.1 python313-keylime-7.14.2-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-6420.html . Get essential updates for openSUSE keylime including a fix for a vulnerability and a bug. Stay secure with this essential patch.. openSUSE keylime update,bypass security fix,moderate vulnerability,TPM security fix. . Severity: moderate. LinuxSecurity.com Team
Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in a bypass of security restrictions or the execution of arbitrary commands. For the stable distribution (trixie), these problems have been fixed in version 5.0.2+git20231211.1364ae4-9+deb13u7.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6373-1
Multiple security issues were discovered in Incus, a system container and virtual machine manager, which could result in a bypass of security restrictions or the execution of arbitrary commands. For the stable distribution (trixie), these problems have been fixed in version 6.0.4-2+deb13u8.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1
Moderate: keylime security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28582", "synopsis": "Moderate: keylime security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for keylime.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.\n\nSecurity Fix(es):\n\n* keylime: Keylime: Security bypass due to hardcoded TPM quote nonce (CVE-2026-6420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2458889", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2458889", "description": ""}], "cves": [{"name": "CVE-2026-6420", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6420", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "cvss3BaseScore": "6.3", "cwe": "CWE-1241"}], "references": [], "publishedAt": "2026-06-25T12:05:27.708216Z", "rpms": {"Rocky Linux 10": {"nvras": ["keylime-base-0:7.14.1-5.el10_2.1.s390x.rpm", "python3-keylime-0:7.14.1-5.el10_2.1.ppc64le.rpm", "keylime-tools-0:7.14.1-5.el10_2.1.x86_64.rpm", "keylime-base-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-0:7.14.1-5.el10_2.1.x86_64.rpm", "keylime-0:7.14.1-5.el10_2.1.ppc64le.rpm", "keylime-verifier-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-registrar-0:7.14.1-5.el10_2.1.ppc64le.rpm", "keylime-0:7.14.1-5.el10_2.1.src.rpm", "python3-keylime-0:7.14.1-5.el10_2.1.s390x.rpm", "keylime-tools-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-tools-0:7.14.1-5.el10_2.1.ppc64le.rpm", "keylime-base-0:7.14.1-5.el10_2.1.x86_64.rpm","keylime-registrar-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-verifier-0:7.14.1-5.el10_2.1.x86_64.rpm", "keylime-0:7.14.1-5.el10_2.1.s390x.rpm", "python3-keylime-0:7.14.1-5.el10_2.1.x86_64.rpm", "keylime-tools-0:7.14.1-5.el10_2.1.s390x.rpm", "keylime-verifier-0:7.14.1-5.el10_2.1.s390x.rpm", "keylime-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-registrar-0:7.14.1-5.el10_2.1.x86_64.rpm", "keylime-tenant-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-base-0:7.14.1-5.el10_2.1.ppc64le.rpm", "keylime-registrar-0:7.14.1-5.el10_2.1.s390x.rpm", "keylime-tenant-0:7.14.1-5.el10_2.1.ppc64le.rpm", "keylime-tenant-0:7.14.1-5.el10_2.1.x86_64.rpm", "keylime-selinux-0:7.14.1-5.el10_2.1.noarch.rpm", "keylime-tenant-0:7.14.1-5.el10_2.1.s390x.rpm", "python3-keylime-0:7.14.1-5.el10_2.1.aarch64.rpm", "keylime-verifier-0:7.14.1-5.el10_2.1.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Keylime security update for Rocky Linux addresses a moderate security bypass issue. Update recommended for all users.. Rocky Linux Keylime Update Security Bypass CVE-2026-6420. . Severity: moderate. LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for mbedtls-2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0213-1 Rating: important References: #1240051 #1240052 Cross-References: CVE-2025-27809 CVE-2025-27810 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mbedtls-2 fixes the following issues: - Update to version 2.28.10 (2.28 LTS line), fixing: * CVE-2025-27809: the TLS client accepted certificates valid for arbitrary hostnames unless the application called mbedtls_ssl_set_hostname() (boo#1240051) * CVE-2025-27810: use of uninitialized stack memory when composing the TLS Finished message could lead to an authentication bypass such as a replay (boo#1240052) - Sync packaging with Factory: enable MBEDTLS_SSL_DTLS_SRTP and MBEDTLS_SSL_PROTO_DTLS and ship the everest headers and pkg-config files in the -devel subpackage Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-213=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): libmbedcrypto7-2.28.10-bp157.2.3.1 libmbedtls14-2.28.10-bp157.2.3.1 libmbedx509-1-2.28.10-bp157.2.3.1 mbedtls-2-devel-2.28.10-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (aarch64_ilp32): libmbedcrypto7-64bit-2.28.10-bp157.2.3.1 libmbedtls14-64bit-2.28.10-bp157.2.3.1 libmbedx509-1-64bit-2.28.10-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (x86_64): libmbedcrypto7-32bit-2.28.10-bp157.2.3.1 libmbedtls14-32bit-2.28.10-bp157.2.3.1 libmbedx509-1-32bit-2.28.10-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2025-27809.html https://www.suse.com/security/cve/CVE-2025-27810.html https://bugzilla.suse.com/1240051 https://bugzilla.suse.com/1240052 . Update for mbedtls-2 fixes important issues regarding authentication bypass and stack memory concerns.. openSUSE update, mbedtls-2 security, security patch, authentication issues. . Severity: Important. LinuxSecurity.com Team
Security update. Publication date: 07 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0178.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-34080 Description: A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. References: - https://bugs.mageia.org/show_bug.cgi?id=35347 - https://www.openwall.com/lists/oss-security/2026/04/10/15 - https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677 - https://www.cve.org/CVERecord?id=CVE-2026-34080 SRPMS: - 9/core/xdg-dbus-proxy-0.1.7-1.mga9 . Mageia advisory MGASA-2026-0178 addresses an important xdg-dbus-proxy eavesdrop issue with critical fixes available.. Mageia Security Advisory, xdg-dbus-proxy Vulnerability, Mageia 9 Security Update. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.