An update that solves one vulnerability can now be installed.

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:1416-1
Release Date: 2026-04-16T15:36:01Z
Rating: low

References:

* bsc#1259804

Cross-References:

* CVE-2026-27448

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

## Description:

This update for python-pyOpenSSL fixes the following issue:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1416=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-pyOpenSSL-19.0.0-150300.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-pyOpenSSL-19.0.0-150300.3.3.1
* openSUSE Leap 15.3 (noarch)
  * python3-pyOpenSSL-19.0.0-150300.3.3.1
  * python2-pyOpenSSL-19.0.0-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804

Update available for python-pyOpenSSL in SUSE fixing low impact connection issue from unhandled exceptions.
python pyOpenSSL security advisory openSUSE update.
LinuxSecurity.com Team

An update that solves two vulnerabilities can now be installed.

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20930-1
Release Date: 2026-03-25T03:41:11Z
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-439=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-pyOpenSSL-25.0.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

Fixes critical issues in python-pyOpenSSL for SUSE Linux that could lead to connection problems and buffer overflows.
SUSE Linux, python-pyOpenSSL, security update, buffer overflow, important patch.
LinuxSecurity.com Team

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

openSUSE security update: security update for python-pyopenssl
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20419-1
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

Description:

This update for python-pyOpenSSL fixes the following issues:

- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-439=1

Package List:

- openSUSE Leap 16.0:
  python313-pyOpenSSL-25.0.0-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html

Update for openSUSE contains important fixes for python-pyOpenSSL addressing connection issues and buffer overflows.
openSUSE patch, python-pyOpenSSL fix, buffer overflow security, important update, connection issue resolution.
LinuxSecurity.com Team

MGAA-2026-0001 - Updated crypto-policies packages fix bug

Publication date: 02 Jan 2026
URL: https://advisories.mageia.org/MGAA-2026-0001.html
Type: bugfix
Affected Mageia releases: 9

Description:
Some recent systems refuse to connect to an SSH server running on Mageia 9. This update fixes the issue.

References:
- https://bugs.mageia.org/show_bug.cgi?id=34914
- https://www.openssh.org/pq.html

SRPMS:
- 9/core/crypto-policies-20221110-2.1.mga9

Fixes connection issues with ssh server on Mageia 9 related to updated crypto-policies, enhancing system stability.
Mageia Security Update, Crypto Policies Bug Fix, SSH Connection Issues, Mageia 9 Advisory.
LinuxSecurity.com Team

Wget could be made to connect to a different host than expected.

==========================================================================
Ubuntu Security Notice USN-6852-2
June 27, 2024

wget vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Software Description:
- wget: retrieves files from the web

Details:

USN-6852-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Wget incorrectly handled semicolons in the userinfo subcomponent of a URI. A remote attacker could possibly trick a user into connecting to a different host than expected.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  wget 1.19.4-1ubuntu2.2+esm1
  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  wget 1.17.1-1ubuntu1.5+esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6852-2
  https://ubuntu.com/security/notices/USN-6852-1
  CVE-2024-38428

Ubuntu's recent security notice USN-6852-2 highlights critical Wget vulnerabilities, urging immediate updates to prevent potential remote exploits and data breaches.
download manager, security notice, remote threats, Ubuntu updates.
LinuxSecurity.com Team

MGASA-2024-0113 - Updated libreswan packages fix security vulnerabilities

Publication date: 06 Apr 2024
URL: https://advisories.mageia.org/MGASA-2024-0113.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. (CVE-2024-2357)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32996
- https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
- https://www.cve.org/CVERecord?id=CVE-2024-2357

SRPMS:
- 9/core/libreswan-4.14-1.mga9

A recent security patch for Libreswan tackles significant vulnerabilities that could result in Denial of Service attacks and connectivity disruptions.
Libreswan Security, Mageia Advisory, IKEv2 Vulnerability, Denial Of Service, Security Update.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-58c59bfa4c
2024-03-23 00:20:56.396900
--------------------------------------------------------------------------------

Name        : iwd
Product     : Fedora 40
Version     : 2.15
Release     : 1.fc40
URL         : https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/
Summary     : Wireless daemon for Linux
Description :
The daemon and utilities for controlling and configuring the Wi-Fi network hardware.

--------------------------------------------------------------------------------
Update Information:

iwd 2.15:
- Fix issue with notice events for connection timeouts.
- Fix issue with reason code and deauthenticate event.
- Fix issue with handling basename() functionality.

libell 0.63:
- Fix issue with handling ending boundary of the PEM.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 28 2024 Peter Robinson - 2.15-1
- Update to 2.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2263042 - libell-0.63 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2263042
  [ 2 ] Bug #2263573 - iwd-2.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2263573
  [ 3 ] Bug #2264597 - TRIAGE CVE-2023-52161 iwd: potential authorization bypass [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2264597
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-58c59bfa4c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-38faa9a2a8
2024-03-08 01:53:53.708420
--------------------------------------------------------------------------------

Name        : iwd
Product     : Fedora 38
Version     : 2.15
Release     : 1.fc38
URL         : https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/
Summary     : Wireless daemon for Linux
Description :
The daemon and utilities for controlling and configuring the Wi-Fi network hardware.

--------------------------------------------------------------------------------
Update Information:

iwd 2.15:
- Fix issue with notice events for connection timeouts.
- Fix issue with reason code and deauthenticate event.
- Fix issue with handling basename() functionality.

libell 0.63:
- Fix issue with handling ending boundary of the PEM.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 28 2024 Peter Robinson - 2.15-1
- Update to 2.15
* Sat Feb 10 2024 Peter Robinson - 2.14-1
- Update to 2.14
* Wed Jan 24 2024 Fedora Release Engineering - 2.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering - 2.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 14 2024 Peter Robinson - 2.13-1
- Update to 2.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2264597 - TRIAGE CVE-2023-52161 iwd: potential authorization bypass [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2264597
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-38faa9a2a8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------