Explore top 10 tips to secure your open-source projects now. Read More
×
Update bundled golang.org/x/crypto to 0.53.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7794729685 2026-07-02 01:05:29.983902+00:00 -------------------------------------------------------------------------------- Name : opkssh Product : Fedora 44 Version : 0.14.0 Release : 3.fc44 URL : https://github.com/openpubkey/opkssh Summary : OpenPubkey SSH Description : OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like
GD.pm could be made to run programs or overwrite files if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-8484-1 June 30, 2026 libgd-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: GD.pm could be made to run programs or overwrite files if it opened a specially crafted file. Software Description: - libgd-perl: Perl module wrapper for libgd Details: It was discovered that GD.pm incorrectly handled filename arguments. An attacker could possibly use this issue to execute arbitrary commands or overwrite files. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libgd-perl 2.84-2ubuntu0.1 Ubuntu 25.10 libgd-perl 2.78-1ubuntu0.25.10.1 Ubuntu 24.04 LTS libgd-perl 2.78-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libgd-perl 2.76-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8484-1 CVE-2026-11526 Package Information: https://launchpad.net/ubuntu/+source/libgd-perl/2.84-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libgd-perl/2.78-1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/libgd-perl/2.78-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libgd-perl/2.76-2ubuntu0.1 . GD.pm contains a critical issue that could allow arbitrary command execution or file overwrite if misused. Update now.. libgd-perl, command execution, file overwrite, Ubuntu advisory. . Severity: Critical. LinuxSecurity.com Team
Update to release v29.6.0 Resolves: rhbz#2490590 Resolves CVE-2026-39828: rhbz#2489945 Resolves CVE-2026-39829: rhbz#2490099 Resolves CVE-2026-39830: rhbz#2490466. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0feb6e4967 2026-06-28 01:07:37.246057+00:00 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 43 Version : 29.6.0 Release : 1.fc43 URL : https://github.com/moby/moby Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between — and they do not require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: Update to release v29.6.0 Resolves: rhbz#2490590 Resolves CVE-2026-39828: rhbz#2489945 Resolves CVE-2026-39829: rhbz#2490099 Resolves CVE-2026-39830: rhbz#2490466 Upstream fixes and enhancements -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 19 2026 Bradley G Smith - 29.6.0-1 - Update to release v29.6.0 - Resolves: rhbz#2490590 - Resolves CVE-2026-39828: rhbz#2489945 - Resolves CVE-2026-39829: rhbz#2490099 - Resolves CVE-2026-39830: rhbz#2490466 - Upstream fixes and enhancements -------------------------------------------------------------------------------- References: [ 1 ] Bug #2489945 - CVE-2026-39828 moby-engine: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489945 [ 2 ] Bug #2490099 - CVE-2026-39829 moby-engine: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490099 [ 3 ] Bug #2490466 - CVE-2026-39830 moby-engine: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490466 [ 4 ] Bug #2490590 - moby-engine-29.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2490590 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0feb6e4967' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to moby-engine in Fedora 43 addresses critical security issues, improving container functionality and safety.. Fedora moby-engine security update critical. . Severity: Critical. LinuxSecurity.com Team
Update to release v0.35.0 Resolves: rhbz#2487819 Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102 Upstream enhancements, new features, and fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-105f7df940 2026-06-27 01:10:00.374865+00:00 -------------------------------------------------------------------------------- Name : docker-buildx Product : Fedora 44 Version : 0.35.0 Release : 1.fc44 URL : https://github.com/docker/buildx Summary : Docker CLI plugin for extended build capabilities with BuildKit Description : Docker CLI plugin for extended build capabilities with BuildKit. -------------------------------------------------------------------------------- Update Information: Update to release v0.35.0 Resolves: rhbz#2487819 Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102 Upstream enhancements, new features, and fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2026 Bradley G Smith - 0.35.0-1 - Update to release v0.35.0 - Resolves: rhbz#2487819 - Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102 - Upstream enhancements, new features, and fixes * Tue May 19 2026 Bradley G Smith - 0.34.1-1 - Update to release v0.34.1 - Resolves: rhbz#2479976 - Upstream fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2487819 - docker-buildx-0.35.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2487819 [ 2 ] Bug #2489918 - CVE-2026-39828 docker-buildx: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489918 [ 3 ] Bug #2490102 - CVE-2026-39829 docker-buildx: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490102 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-105f7df940' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Multiple security issues were discovered in Incus, a system container and virtual machine manager, which could result in a bypass of security restrictions or the execution of arbitrary commands. For the stable distribution (trixie), these problems have been fixed in version 6.0.4-2+deb13u8.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1
Moderate: emacs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:7083", "synopsis": "Moderate: emacs security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for emacs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: command execution via shell metacharacters (CVE-2022-48337)\n\n* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2171987", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2171987", "description": ""}, {"ticket": "2171989", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2171989", "description": ""}], "cves": [{"name": "CVE-2022-48337", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48337", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.3", "cwe": "CWE-77"}, {"name": "CVE-2022-48339", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48339", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-77"}], "references": [], "publishedAt": "2026-06-25T12:00:44.845974Z", "rpms": {"RockyLinux 8": {"nvras": ["emacs-1:26.1-11.el8.aarch64.rpm", "emacs-1:26.1-11.el8.src.rpm", "emacs-1:26.1-11.el8.x86_64.rpm", "emacs-common-1:26.1-11.el8.aarch64.rpm", "emacs-common-1:26.1-11.el8.x86_64.rpm", "emacs-common-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-debugsource-1:26.1-11.el8.aarch64.rpm", "emacs-filesystem-1:26.1-11.el8.noarch.rpm", "emacs-lucid-1:26.1-11.el8.aarch64.rpm", "emacs-lucid-1:26.1-11.el8.x86_64.rpm", "emacs-lucid-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-nox-1:26.1-11.el8.aarch64.rpm", "emacs-nox-1:26.1-11.el8.x86_64.rpm", "emacs-nox-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-terminal-1:26.1-11.el8.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the critical security updates for emacs on Rocky Linux affecting command execution and injection vulnerabilities.. Rocky Linux emacs update, command injection vulnerability, command execution fix. . Severity: moderate. LinuxSecurity.com Team
Config-IniFiles could be made to run commands or overwrite files if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8445-1 June 17, 2026 libconfig-inifiles-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Config-IniFiles could be made to run commands or overwrite files if it received specially crafted input. Software Description: - libconfig-inifiles-perl: Perl module for working with INI configuration files Details: It was discovered that Config-IniFiles incorrectly handled the -file argument in certain situations. An attacker could possibly use this issue to execute arbitrary commands or overwrite arbitrary files. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libconfig-inifiles-perl 3.000003-4ubuntu0.1 Ubuntu 25.10 libconfig-inifiles-perl 3.000003-3ubuntu0.1 Ubuntu 24.04 LTS libconfig-inifiles-perl 3.000003-2ubuntu0.1 Ubuntu 22.04 LTS libconfig-inifiles-perl 3.000003-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8445-1 CVE-2026-11527 Package Information: https://launchpad.net/ubuntu/+source/libconfig-inifiles-perl/3.000003-4ubuntu0.1 https://launchpad.net/ubuntu/+source/libconfig-inifiles-perl/3.000003-3ubuntu0.1 https://launchpad.net/ubuntu/+source/libconfig-inifiles-perl/3.000003-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libconfig-inifiles-perl/3.000003-1ubuntu0.1 . Config-IniFiles exposed to command execution or file overwrite via crafted inputs. Urgent patch recommended for Ubuntu.. Ubuntu distro libconfig-inifiles-perl update advisory critical. . Severity: Critical.LinuxSecurity.com Team
Several security issues were fixed in FastNetMon.. ========================================================================== Ubuntu Security Notice USN-8429-1 June 15, 2026 fastnetmon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in FastNetMon. Software Description: - fastnetmon: High-performance DDoS detector Details: It was discovered that FastNetMon incorrectly validated prefix lengths when decoding BGP NLRI data. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-48686) It was discovered that FastNetMon incorrectly sanitized input in the Juniper router integration plugin. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-48687) It was discovered that FastNetMon incorrectly handled buffer bounds checks when processing network traffic. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-48689) It was discovered that FastNetMon incorrectly handled encoding the BGP AS_PATH attribute. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-48691) It was discovered that FastNetMon incorrectly validated IP address input in the Juniper router integration plugin. An attacker could possibly use this issue to inject arbitrary router configuration commands. (CVE-2026-48694) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS fastnetmon 1.2.8+git20250911-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 24.04 LTS fastnetmon 1.2.6-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS fastnetmon 1.1.4-1ubuntu0.1~esm1 Available with Ubuntu Pro After a standard system update you need to restart fastnetmon to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8429-1 CVE-2026-48686, CVE-2026-48687, CVE-2026-48689, CVE-2026-48691, CVE-2026-48694 . Security issues in FastNetMon fixed for Ubuntu versions; critical updates available for DDoS detector.. DDoS detection, FastNetMon security, Ubuntu updates, command execution risk. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.