Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 14 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0252.html Type: security Affected Mageia releases: 10 CVE: CVE-2026-48724, CVE-2026-48733, CVE-2026-48734, CVE-2026-49218, CVE-2026-49219, CVE-2026-48994, CVE-2026-53460, CVE-2026-53461, CVE-2026-53462, CVE-2026-53463, CVE-2026-53464, CVE-2026-53465, CVE-2026-53466, CVE-2026-53467, CVE-2026-55510, CVE-2026-55628, CVE-2026-55594, CVE-2026-55595, CVE-2026-55597, CVE-2026-25797, CVE-2026-55577 Description: The updated packages fix numerous security vulnerabilities: Code injection in HTML encoder due to incomplete fix of CVE-2026-25797. (CVE-2026-25797) Heap Buffer Underwrite in Floyd-Steinberg depth dithering. (CVE-2026-48724) Infinite Loop in subimage-search with crafted image. (CVE-2026-48733) Stack Overflow in MVG decoder. (CVE-2026-48734) Policy Bypass in DCM decoder could result in image with invalid dimensions. (CVE-2026-49218) Policy Bypass can read disallowed files. (CVE-2026-49219) Heap Buffer Over-Write in MAT decoder on 32-bit systems. (CVE-2026-48994) Policy Bypass can trigger out-of-Memory condition. (CVE-2026-53460) Heap Buffer Over-Write in ICON decoder due to incorrect loop. (CVE-2026-53461) Use-After-Free when allocation in CheckPrimitiveExtent fails. (CVE-2026-53462) Null Pointer Dereference in distort operation when passing incorrect arguments. (CVE-2026-53463) Memory Leak in wand option parser when providing invalid arguments. (CVE-2026-53464) Heap Buffer Over-Write in SF3 encoder when writing multi-frame image. (CVE-2026-53465) Heap Buffer Over-Read in XCF decoder due to integer conversion overflow. (CVE-2026-53466) Information Disclosure in MNG decoder because allocated memory is left unchanged. (CVE-2026-53467) Use-After-Free in crafted 8BIM when identifying an image. (CVE-2026-55510) Heap Buffer Overflow in ImageMagick MVG decoder. (CVE-2026-55577) Stack Overflow in MVG decoder due to missing depthcheck. (CVE-2026-55594) Infinite Loop in connected-components when providing invalid arguments. (CVE-2026-55595) Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments. (CVE-2026-55597) Policy Bypass in concatenate operation due to missing checks. (CVE-2026-55628) References: - https://bugs.mageia.org/show_bug.cgi?id=35866 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv -https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hc76-7mpc-qjqh - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56m6-8q75-f2rw - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr - https://www.cve.org/CVERecord?id=CVE-2026-48724 - https://www.cve.org/CVERecord?id=CVE-2026-48733 - https://www.cve.org/CVERecord?id=CVE-2026-48734 -https://www.cve.org/CVERecord?id=CVE-2026-49218 - https://www.cve.org/CVERecord?id=CVE-2026-49219 - https://www.cve.org/CVERecord?id=CVE-2026-48994 - https://www.cve.org/CVERecord?id=CVE-2026-53460 - https://www.cve.org/CVERecord?id=CVE-2026-53461 - https://www.cve.org/CVERecord?id=CVE-2026-53462 - https://www.cve.org/CVERecord?id=CVE-2026-53463 - https://www.cve.org/CVERecord?id=CVE-2026-53464 - https://www.cve.org/CVERecord?id=CVE-2026-53465 - https://www.cve.org/CVERecord?id=CVE-2026-53466 - https://www.cve.org/CVERecord?id=CVE-2026-53467 - https://www.cve.org/CVERecord?id=CVE-2026-55510 - https://www.cve.org/CVERecord?id=CVE-2026-55628 - https://www.cve.org/CVERecord?id=CVE-2026-55594 - https://www.cve.org/CVERecord?id=CVE-2026-55595 - https://www.cve.org/CVERecord?id=CVE-2026-55597 - https://www.cve.org/CVERecord?id=CVE-2026-25797 - https://www.cve.org/CVERecord?id=CVE-2026-55577 SRPMS: - 10/core/imagemagick-7.1.2.27-1.mga10 - 10/tainted/imagemagick-7.1.2.27-1.mga10.tainted . This Mageia advisory details critical updates for ImageMagick, addressing multiple security flaws impacting system integrity and stability.. imagemagick updates, mageia security, vulnerability management. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-38511 http://linux.oracle.com/errata/ELSA-2026-38511.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: vim-X11-8.2.2637-26.0.1.el9_8.10.x86_64.rpm vim-common-8.2.2637-26.0.1.el9_8.10.x86_64.rpm vim-enhanced-8.2.2637-26.0.1.el9_8.10.x86_64.rpm vim-filesystem-8.2.2637-26.0.1.el9_8.10.noarch.rpm vim-minimal-8.2.2637-26.0.1.el9_8.10.x86_64.rpm aarch64: vim-X11-8.2.2637-26.0.1.el9_8.10.aarch64.rpm vim-common-8.2.2637-26.0.1.el9_8.10.aarch64.rpm vim-enhanced-8.2.2637-26.0.1.el9_8.10.aarch64.rpm vim-filesystem-8.2.2637-26.0.1.el9_8.10.noarch.rpm vim-minimal-8.2.2637-26.0.1.el9_8.10.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/vim-8.2.2637-26.0.1.el9_8.10.src.rpm Related CVEs: CVE-2026-46483 CVE-2026-47162 CVE-2026-47167 CVE-2026-52858 Description of changes: [8.2.2637-26.0.1.el9_8.10] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-26.10] - RHEL-186659 CVE-2026-47162 vim: code injection via NetrwBookHistSave() [2:8.2.2637-26.9] - RHEL-186646 CVE-2026-52858 vim: possible code execution with python3complete [2:8.2.2637-26.8] - RHEL-185874 CVE-2026-47167 vim: Code Injection in cucumber filetype plugin [2:8.2.2637-26.7] - RHEL-178243 CVE-2026-46483 vim: command injection in tar plugin [2:8.2.2637-26.6] - CVE-2026-41411 vim: Command injection via backticks in tag files [2:8.2.2637-26.5] - RHEL-170136 CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass [2:8.2.2637-26.4] - Resolves: RHEL-164966 vim: arbitrary command execution via modeline sandbox bypass [2:8.2.2637-26.3] - Related: RHEL-159630 rebuild to build with exception target [2:8.2.2637-26.2] - remove -O0 from flags _______________________________________________ El-errata mailing list
An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:22273-1 Release Date: 2026-06-24T21:38:59Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 059+suse.722.gdd9d67ff5: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1067=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-fips-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-debugsource-059+suse.722.gdd9d67ff5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . A crucial update for dracut addresses an important security flaw involving code execution via DHCP options command injection.. SUSE Dracut Security Update, Important Patch for Dracut, Linux Micro Security Fix. . Severity: Important. LinuxSecurity.com Team
Update to 2.14.2; fixes GHSA-4xgf-cpjx-pc3j.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ade10efd88 2026-06-29 01:10:47.357904+00:00 -------------------------------------------------------------------------------- Name : python-pydantic-settings Product : Fedora 43 Version : 2.14.2 Release : 1.fc43 URL : https://github.com/pydantic/pydantic-settings Summary : Settings management using pydantic Description : Settings management using pydantic. -------------------------------------------------------------------------------- Update Information: Update to 2.14.2; fixes GHSA-4xgf-cpjx-pc3j. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 19 2026 Benjamin A. Beasley - 2.14.2-1 - Update to 2.14.2; close RHBZ#2490754; fixes GHSA-4xgf-cpjx-pc3j * Thu Jun 4 2026 Python Maint - 2.14.1-2 - Rebuilt for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2490754 - python-pydantic-settings-2.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2490754 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ade10efd88' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26297 http://linux.oracle.com/errata/ELSA-2026-26297.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: hplip-3.21.2-6.el9_8.4.x86_64.rpm hplip-common-3.21.2-6.el9_8.4.i686.rpm hplip-common-3.21.2-6.el9_8.4.x86_64.rpm hplip-libs-3.21.2-6.el9_8.4.i686.rpm hplip-libs-3.21.2-6.el9_8.4.x86_64.rpm libsane-hpaio-3.21.2-6.el9_8.4.i686.rpm libsane-hpaio-3.21.2-6.el9_8.4.x86_64.rpm aarch64: hplip-3.21.2-6.el9_8.4.aarch64.rpm hplip-common-3.21.2-6.el9_8.4.aarch64.rpm hplip-libs-3.21.2-6.el9_8.4.aarch64.rpm libsane-hpaio-3.21.2-6.el9_8.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/hplip-3.21.2-6.el9_8.4.src.rpm Related CVEs: CVE-2026-8631 CVE-2026-8632 Description of changes: [3.21.2-6.4] - Fix more leaks in hpcups [3.21.2-6.3] - OSH fixes after CVE-2026-8631 [3.21.2-6.2] - CVE-2026-8631 hplip: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups [3.21.2-6.1] - CVE-2026-8632 hplip: Privilege escalation and arbitrary code execution via OS command injection in Is_Process_Running() _______________________________________________ El-errata mailing list
Multiple security vulnerabilities were discovered in Twig, a template engine for PHP, which could result in PHP code injection, sandbox bypass or cross-site scripting. For the oldstable distribution (bookworm), these problems have been fixed in version 3.5.1-1+deb12u3.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6320-1
Multiple security vulnerabilities were discovered in Twig, a template engine for PHP, which could result in PHP code injection, sandbox bypass or cross-site scripting. For the stable distribution (trixie), these problems have been fixed in version 3.27.0-0+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6311-1
It was discovered that there was a potential SQL vulnerability in python-geopandas, a tool for working with geographic/geospatial data in the Pandas data analysis suite. For Debian 11 bullseye, this problem has been fixed in version 0.8.2-1+deb11u1.. Debian LTS Advisory DLA-4523-1
Get the latest Linux and open source security news straight to your inbox.