openSUSE security update: security update for rsync
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20877-1
Rating: important
References:

  * bsc#1254441
  * bsc#1262223
  * bsc#1264511
  * bsc#1264512
  * bsc#1264513
  * bsc#1264514
  * bsc#1264515
  * bsc#1265296

Cross-References:

  * CVE-2025-10158
  * CVE-2026-29518
  * CVE-2026-41035
  * CVE-2026-43617
  * CVE-2026-43618
  * CVE-2026-43619
  * CVE-2026-43620
  * CVE-2026-45232

CVSS scores:

  * CVE-2025-10158 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2026-29518 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-29518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-41035 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-41035 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-43617 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2026-43617 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-43618 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-43618 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-43619 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-43619 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-43620 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-43620 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-45232 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
  * CVE-2026-45232 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

  openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed.

Description:

This update for rsync fixes the following issues:

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (use chroot = no) (bsc#1264511).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

  zypper in -t patch openSUSE-Leap-16.0-867=1

Package List:

- openSUSE Leap 16.0:

  rsync-3.4.1-160000.4.1

References:

  * https://www.suse.com/security/cve/CVE-2025-10158.html
  * https://www.suse.com/security/cve/CVE-2026-29518.html
  * https://www.suse.com/security/cve/CVE-2026-41035.html
  * https://www.suse.com/security/cve/CVE-2026-43617.html
  * https://www.suse.com/security/cve/CVE-2026-43618.html
  * https://www.suse.com/security/cve/CVE-2026-43619.html
  * https://www.suse.com/security/cve/CVE-2026-43620.html
  * https://www.suse.com/security/cve/CVE-2026-45232.html

This update addresses 8 important vulnerabilities in rsync on openSUSE Leap 16.0. Immediate action required for security.

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fe3d8d4767
2026-04-16 23:40:54.273526+00:00
--------------------------------------------------------------------------------

Name        : kf6-networkmanager-qt
Product     : Fedora 44
Version     : 6.25.0
Release     : 1.fc44
URL         : https://invent.kde.org/frameworks/networkmanager-qt
Summary     : A Tier 1 KDE Frameworks 6 module that wraps NetworkManager DBus API
Description :
A Tier 1 KDE Frameworks 6 Qt library for NetworkManager.

--------------------------------------------------------------------------------
Update Information:

Frameworks 6.25.0 + KDE Plasma 6.6.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2026 Steve Cossette - 6.25.0-1
- 6.25.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2455469 - Configuring WifI network via Network pane appears to not work
        https://bugzilla.redhat.com/show_bug.cgi?id=2455469
  [ 2 ] Bug #2457573 - FE: KDE Frameworks 6.25.0 + Plasma 6.6.4
        https://bugzilla.redhat.com/show_bug.cgi?id=2457573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fe3d8d4767' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fe3d8d4767
2026-04-16 23:40:54.273526+00:00
--------------------------------------------------------------------------------

Name        : kf6-kconfigwidgets
Product     : Fedora 44
Version     : 6.25.0
Release     : 1.fc44
URL         : https://invent.kde.org/frameworks/kconfigwidgets
Summary     : KDE Frameworks 6 Tier 3 addon for creating configuration dialogs
Description :
KConfigWidgets provides easy-to-use classes to create configuration dialogs,
as well as a set of widgets which uses KConfig to store their settings.

--------------------------------------------------------------------------------
Update Information:

Frameworks 6.25.0 + KDE Plasma 6.6.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2026 Steve Cossette - 6.25.0-1
- 6.25.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2455469 - Configuring WifI network via Network pane appears to not work
        https://bugzilla.redhat.com/show_bug.cgi?id=2455469
  [ 2 ] Bug #2457573 - FE: KDE Frameworks 6.25.0 + Plasma 6.6.4
        https://bugzilla.redhat.com/show_bug.cgi?id=2457573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fe3d8d4767' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Oracle Linux Security Advisory ELSA-2026-0608

http://linux.oracle.com/errata/ELSA-2026-0608.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
vsftpd-3.0.3-36.el8_10.3.x86_64.rpm

aarch64:
vsftpd-3.0.3-36.el8_10.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vsftpd-3.0.3-36.el8_10.3.src.rpm

Related CVEs:

CVE-2025-14242

Description of changes:

[3.0.3-36.3]
- Rebuild to test with proper configuration
- Related: RHEL-134160

[3.0.3-36.2]
- Rebuild to test with proper configuration
- Related: RHEL-134160

[3.0.3-36.1]
- Fix CVE-2025-14242
- Resolves: RHEL-134160

# Security update for regionServiceClientConfigGCE

Announcement ID: SUSE-SU-2025:03171-1
Release Date: 2025-09-11T12:38:50Z
Rating: critical
References:

  * bsc#1242063
  * bsc#1246995

Affected Products:

  * Public Cloud Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has two security fixes can now be installed.

## Description:

This update for regionServiceClientConfigGCE contains the following fixes:

  * Update to version 5.0.0. (bsc#1246995)
  * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released.
  * Update conditional to handle name change of metadata package in SLE 16. (bsc#1242063)
  * Add noipv6 patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Public Cloud Module 12
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2025-3171=1

## Package List:

  * Public Cloud Module 12 (noarch)
    * regionServiceClientConfigGCE-5.0.0-5.21.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1242063
  * https://bugzilla.suse.com/show_bug.cgi?id=1246995

Important patch for serviceConnectionSettingsGCE addresses numerous vulnerabilities. Swift response advised.

LinuxSecurity.com Team

# Security update for regionServiceClientConfigGCE

Announcement ID: SUSE-SU-2025:03119-1
Release Date: 2025-09-09T12:59:59Z
Rating: critical
References:

  * bsc#1242063
  * bsc#1246995

Affected Products:

  * openSUSE Leap 15.6
  * Public Cloud Module 15-SP3
  * Public Cloud Module 15-SP4
  * Public Cloud Module 15-SP5
  * Public Cloud Module 15-SP6
  * Public Cloud Module 15-SP7
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that has two security fixes can now be installed.

## Description:

This update for regionServiceClientConfigGCE contains the following fixes:

  * Update to version 5.0.0 (bsc#1246995)
  * SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released.
  * Update conditional to handle name change of metadata package in SLE 16. (bsc#1242063)
  * Add noipv6 patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-3119=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-3119=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-3119=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-3119=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-3119=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-3119=1
  * Public Cloud Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-3119=1
  * Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-3119=1
  * Public Cloud Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-3119=1
  * Public Cloud Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-3119=1
  * Public Cloud Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3119=1

## Package List:

  * openSUSE Leap 15.6 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * SUSE Linux Enterprise Micro 5.3 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * SUSE Linux Enterprise Micro 5.5 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * Public Cloud Module 15-SP3 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * Public Cloud Module 15-SP4 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * Public Cloud Module 15-SP5 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * Public Cloud Module 15-SP6 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1
  * Public Cloud Module 15-SP7 (noarch)
    * regionServiceClientConfigGCE-5.0.0-150000.4.18.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1242063
  * https://bugzilla.suse.com/show_bug.cgi?id=1246995

Essential security patch for regionServiceClientConfigGCE on openSUSE Leap addresses major setup vulnerabilities.

LinuxSecurity.com Team

MGASA-2025-0082 - Updated libcap packages fix security vulnerability

Publication date: 26 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0082.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-1390

pam_cap: Fix potential configuration parsing error. (CVE-2025-1390)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34048
- https://ubuntu.com/security/notices/USN-7287-1
- https://www.cve.org/CVERecord?id=CVE-2025-1390

SRPMS:
- 9/core/libcap-2.52-5.1.mga9

Newly released libcap updates address vulnerabilities linked to configuration parsing. Ensure your system's safety with the latest Mageia updates.

LinuxSecurity.com Team

==========================================================================
Ubuntu Security Notice USN-7287-1
February 24, 2025

libcap2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

libcap2 would allow unintended capabilities.

Software Description:
- libcap2: POSIX 1003.1e capabilities (library)

Details:

Tianjia Zhang discovered the libcap2 PAM module pam_cap incorrectly handled
parsing group names in the configuration file. This could result in certain
users being granted capabilities, contrary to expectations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libpam-cap 1:2.66-5ubuntu3.1

Ubuntu 24.04 LTS
  libpam-cap 1:2.66-5ubuntu2.2

Ubuntu 22.04 LTS
  libpam-cap 1:2.44-1ubuntu0.22.04.2

Ubuntu 20.04 LTS
  libpam-cap 1:2.32-1ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7287-1
  CVE-2025-1390

Package Information:
  https://launchpad.net/ubuntu/+source/libcap2/1:2.66-5ubuntu3.1
  https://launchpad.net/ubuntu/+source/libcap2/1:2.66-5ubuntu2.2
  https://launchpad.net/ubuntu/+source/libcap2/1:2.44-1ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/libcap2/1:2.32-1ubuntu0.2

Ubuntu Security Bulletin USN-7288-2 highlights a vulnerability in libcap2 that may grant excessive permissions. Immediate patching necessary.

LinuxSecurity.com Team