Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":66.67,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 67 articles for you...
219

Rocky Linux Buildah Important DoS Security Fix RLSA-2026-29195

Important: buildah security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29195", "synopsis": "Important: buildah security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for buildah.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}, {"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}],"cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}, {"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-26T12:05:00.179765Z", "rpms": {"Rocky Linux 10": {"nvras": ["buildah-2:1.43.1-2.el10_2.src.rpm", "buildah-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-2:1.43.1-2.el10_2.s390x.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-2:1.43.1-2.el10_2.s390x.rpm", "buildah-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-debuginfo-2:1.43.1-2.el10_2.s390x.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.x86_64.rpm", "buildah-tests-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-debugsource-2:1.43.1-2.el10_2.ppc64le.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-debuginfo-2:1.43.1-2.el10_2.s390x.rpm","buildah-debugsource-2:1.43.1-2.el10_2.aarch64.rpm", "buildah-tests-2:1.43.1-2.el10_2.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Buildah security update for Rocky Linux 10 addresses important vulnerabilities affecting container image management tools.. Rocky Linux, buildah security, container image vulnerabilities, Denial of Service, security advisories. . LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Rocky Linux
219

Rocky Linux 9 podman Important DoS Issues RLSA-2026-26447

Important: podman security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26447", "synopsis": "Important: podman security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for podman.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2456333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "description": ""}, {"ticket": "2456338", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "description": ""}, {"ticket": "2456339", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "description": ""}], "cves": [{"name": "CVE-2026-32280", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-32281", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "5.9", "cwe": "CWE-1050"}, {"name": "CVE-2026-32283", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-764"}], "references": [], "publishedAt": "2026-06-17T12:03:08.073041Z", "rpms": {"Rocky Linux 9": {"nvras": ["podman-6:5.8.2-3.el9_8.aarch64.rpm", "podman-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-6:5.8.2-3.el9_8.s390x.rpm", "podman-6:5.8.2-3.el9_8.src.rpm", "podman-6:5.8.2-3.el9_8.x86_64.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm", "podman-debugsource-6:5.8.2-3.el9_8.aarch64.rpm", "podman-debugsource-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-debugsource-6:5.8.2-3.el9_8.s390x.rpm", "podman-debugsource-6:5.8.2-3.el9_8.x86_64.rpm", "podman-docker-6:5.8.2-3.el9_8.noarch.rpm", "podman-plugins-6:5.8.2-3.el9_8.aarch64.rpm", "podman-plugins-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-plugins-6:5.8.2-3.el9_8.s390x.rpm", "podman-plugins-6:5.8.2-3.el9_8.x86_64.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-plugins-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm", "podman-remote-6:5.8.2-3.el9_8.aarch64.rpm", "podman-remote-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-remote-6:5.8.2-3.el9_8.s390x.rpm", "podman-remote-6:5.8.2-3.el9_8.x86_64.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-remote-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm", "podman-tests-6:5.8.2-3.el9_8.aarch64.rpm", "podman-tests-6:5.8.2-3.el9_8.ppc64le.rpm","podman-tests-6:5.8.2-3.el9_8.s390x.rpm", "podman-tests-6:5.8.2-3.el9_8.x86_64.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.aarch64.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.ppc64le.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.s390x.rpm", "podman-tests-debuginfo-6:5.8.2-3.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important podman security updates for Rocky Linux 9 address denial of service issues from several CVEs.. Rocky Linux podman update Denial of Service vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jun 17, 2026 Rocky Linux
89

Fedora 43: Moby-Engine 29.1.3 Critical Local Privilege Escalation Patch

Update to release v29.1.3 Resolves: rhbz#2417969 Resolves CVE-2024-25621: rhbz#2419019, rhbz#2419046, rhbz#2419442 Upstream new features and fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d39f46567c 2025-12-22 00:51:48.774296+00:00 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 43 Version : 29.1.3 Release : 1.fc43 URL : https://github.com/moby/moby Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between \u2014 and they do not require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: Update to release v29.1.3 Resolves: rhbz#2417969 Resolves CVE-2024-25621: rhbz#2419019, rhbz#2419046, rhbz#2419442 Upstream new features and fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 12 2025 Bradley G Smith - 29.1.3-1 - Update to release v29.1.3 - Resolves: rhbz#2417969 - Resolves CVE-2024-25621: rhbz#2419019, rhbz#2419046, rhbz#2419442 - Upstream new features and fixes * Tue Dec 2 2025 Bradley G Smith - 29.1.2-1 - Update to release v29.1.2 - Resolves: rhbz#2417969 - Upstream new features and fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2417969 - moby-engine-29.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2417969 [ 2 ] Bug#2419019 - CVE-2024-25621 moby-engine: containerd local privilege escalation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419019 [ 3 ] Bug #2419046 - CVE-2024-25621 moby-engine: containerd local privilege escalation [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2419046 [ 4 ] Bug #2419442 - CVE-2024-25621 moby-engine: containerd local privilege escalation [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2419442 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d39f46567c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Stay informed with the latest Fedora update for moby-engine, addressing critical security issues and new features.. Fedora Update, Moby Engine Security, Container Privilege Escalation, Open Source Application. . LinuxSecurity.com Team

Calendar%202 Dec 22, 2025 Fedora
89

Fedora 42: Important Kubernetes Updates Released for 2025-4c576d1bd9

Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479, rhbz#2410740. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4c576d1bd9 2025-11-25 01:34:32.166692+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.34 Product : Fedora 42 Version : 1.34.2 Release : 1.fc42 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479, rhbz#2410740 Resolves: rhbz#2411120, rhbz#2411378, rhbz#2411636 rhbz#2412590 Resolves: rhbz#2412805 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2025 Bradley G Smith - 1.34.2-1 - Update to release v1.34.2 - Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 - Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 - Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239, rhbz#2409529 - Resolves: rhbz#2409790, rhbz#2410204, rhbz#2410479,rhbz#2410740 - Resolves: rhbz#2411120, rhbz#2411378, rhbz#2411636 rhbz#2412590 - Resolves: rhbz#2412805 - Upstream fixes * Fri Nov 14 2025 Bradley G Smith - 1.34.1-4 - Reorder CRI Recommends - Update cri-o recommend with correct version information - Reorder CRI as (for example): Recommends: (cri-o1.34 or containerd) * Fri Oct 10 2025 Maxwell G - 1.34.1-3 - Rebuild for golang 1.25.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2398589 - CVE-2025-47910 kubernetes1.34: CrossOriginProtection bypass in net/http [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2398589 [ 2 ] Bug #2398850 - CVE-2025-47910 kubernetes1.34: CrossOriginProtection bypass in net/http [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2398850 [ 3 ] Bug #2399251 - CVE-2025-47906 kubernetes1.34: Unexpected paths returned from LookPath in os/exec [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2399251 [ 4 ] Bug #2399524 - CVE-2025-47906 kubernetes1.34: Unexpected paths returned from LookPath in os/exec [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2399524 [ 5 ] Bug #2407790 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407790 [ 6 ] Bug #2408060 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408060 [ 7 ] Bug #2408317 - CVE-2025-58189 kubernetes1.34: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408317 [ 8 ] Bug #2408611 - CVE-2025-61725 kubernetes1.34: Excessive CPU consumption in ParseAddress in net/mail [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2408611 [ 9 ] Bug #2408674 - CVE-2025-61725 kubernetes1.34:Excessive CPU consumption in ParseAddress in net/mail [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408674 [ 10 ] Bug #2408732 - CVE-2025-61725 kubernetes1.34: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408732 [ 11 ] Bug #2409239 - CVE-2025-61723 kubernetes1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409239 [ 12 ] Bug #2409529 - CVE-2025-61723 kubernetes1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409529 [ 13 ] Bug #2409790 - CVE-2025-61723 kubernetes1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409790 [ 14 ] Bug #2410204 - CVE-2025-58185 kubernetes1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410204 [ 15 ] Bug #2410479 - CVE-2025-58185 kubernetes1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2410479 [ 16 ] Bug #2410740 - CVE-2025-58185 kubernetes1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410740 [ 17 ] Bug #2411120 - CVE-2025-58188 kubernetes1.34: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411120 [ 18 ] Bug #2411378 - CVE-2025-58188 kubernetes1.34: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411378 [ 19 ] Bug #2411636 - CVE-2025-58188 kubernetes1.34: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411636 [ 20 ] Bug #2412590 - CVE-2025-58183 kubernetes1.34: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412590 [ 21 ] Bug #2412805 - CVE-2025-58183 kubernetes1.34: Unbounded allocation when parsing GNU sparse map [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2412805 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4c576d1bd9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Critical updates for Kubernetes 1.34.2 on Fedora 42 addressing multiple security issues ensuring robust container management.. Fedora Kubernetes security updates fixes. . LinuxSecurity.com Team

Calendar%202 Nov 25, 2025 Fedora
89

Fedora 43: runc High Risk Security Fix 2025-ebd4913540 CVE-2025-31133

Update to release v1.3.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-ebd4913540 2025-11-14 01:25:41.063350+00:00 -------------------------------------------------------------------------------- Name : runc Product : Fedora 43 Version : 1.3.3 Release : 1.fc43 URL : https://github.com/opencontainers/runc Summary : CLI for running Open Containers Description : The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -------------------------------------------------------------------------------- Update Information: Update to release v1.3.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2025 Bradley G Smith - 2:1.3.3-1 - Update to release v1.3.3 - Resolves: rhbz#2411664, rhbz#2411410, rhbz#2411148 - Resolves: rbhz#2410768, rhbz#2410512, rhbz#2410233 - Resolves: rhbz#2409818, rhbz#2409561, rhbz#2409284 - Resolves: rhbz#2408345, rhbz#2408091, rhbz#2407818 - Security. Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - Upstream new feature -------------------------------------------------------------------------------- References: [ 1 ] Bug #2407818 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407818 [ 2 ] Bug #2408091 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408091 [ 3 ] Bug #2408345 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408345 [ 4 ] Bug #2409284 - CVE-2025-61723 runc: Quadratic complexity when parsing someinvalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409284 [ 5 ] Bug #2409561 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409561 [ 6 ] Bug #2409818 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409818 [ 7 ] Bug #2411148 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411148 [ 8 ] Bug #2411410 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411410 [ 9 ] Bug #2411664 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411664 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ebd4913540' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Federation 43 releases runc 1.3.3 with security updates for multiple CVEs ensuring container security.. Fedora runc security update CVE container management. . LinuxSecurity.com Team

Calendar%202 Nov 14, 2025 Fedora
89

Fedora 41: runc High Security Fix for CVE-2025-31133 FEDORA-2025-6924245627

Update to release v1.3.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-6924245627 2025-11-14 01:07:42.820576+00:00 -------------------------------------------------------------------------------- Name : runc Product : Fedora 41 Version : 1.3.3 Release : 1.fc41 URL : https://github.com/opencontainers/runc Summary : CLI for running Open Containers Description : The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -------------------------------------------------------------------------------- Update Information: Update to release v1.3.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2025 Bradley G Smith - 2:1.3.3-1 - Update to release v1.3.3 - Resolves: rhbz#2411664, rhbz#2411410, rhbz#2411148 - Resolves: rbhz#2410768, rhbz#2410512, rhbz#2410233 - Resolves: rhbz#2409818, rhbz#2409561, rhbz#2409284 - Resolves: rhbz#2408345, rhbz#2408091, rhbz#2407818 - Security. Fixes CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - Upstream new feature -------------------------------------------------------------------------------- References: [ 1 ] Bug #2407818 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407818 [ 2 ] Bug #2408091 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2408091 [ 3 ] Bug #2408345 - CVE-2025-58189 runc: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408345 [ 4 ] Bug #2409284 - CVE-2025-61723 runc: Quadratic complexity when parsing someinvalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409284 [ 5 ] Bug #2409561 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2409561 [ 6 ] Bug #2409818 - CVE-2025-61723 runc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409818 [ 7 ] Bug #2411148 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2411148 [ 8 ] Bug #2411410 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2411410 [ 9 ] Bug #2411664 - CVE-2025-58188 runc: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411664 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6924245627' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Update to runc v1.3.3 on Fedora 41 addresses critical issues including CVE-2025-31133 and CVE-2025-52565.. Fedora 41, runc, container security, security advisory, security update. . LinuxSecurity.com Team

Calendar%202 Nov 14, 2025 Fedora
100

SUSE: KubeVirt Important Security Update 2025:03278-1 for Containers

* bsc#1234537 * bsc#1235303 * bsc#1241772 Cross-References: . # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2025:03278-1 Release Date: 2025-09-19T13:42:11Z Rating: important References: * bsc#1234537 * bsc#1235303 * bsc#1241772 Cross-References: * CVE-2024-45337 * CVE-2024-45338 * CVE-2025-22872 CVSS scores: * CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Affected Products: * Containers Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container fixes the following issues: This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues (CVE-2025-22872, CVE-2024-45337, CVE-2024-45338, bsc#1234537, bsc#1235303, bsc#1241772) and also rebuilds it against current GO. ## Patch Instructions: Toinstall this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-3278=1 openSUSE-SLE-15.6-2025-3278=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-3278=1 ## Package List: * openSUSE Leap 15.6 (aarch64 x86_64) * kubevirt-virt-api-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-exportserver-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-exportproxy-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virtctl-1.4.1-150600.5.24.1 * kubevirt-virt-launcher-debuginfo-1.4.1-150600.5.24.1 * kubevirt-container-disk-1.4.1-150600.5.24.1 * kubevirt-virtctl-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-api-1.4.1-150600.5.24.1 * kubevirt-virt-controller-1.4.1-150600.5.24.1 * kubevirt-virt-exportserver-1.4.1-150600.5.24.1 * kubevirt-container-disk-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-launcher-1.4.1-150600.5.24.1 * kubevirt-virt-operator-1.4.1-150600.5.24.1 * kubevirt-tests-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-exportproxy-1.4.1-150600.5.24.1 * kubevirt-virt-controller-debuginfo-1.4.1-150600.5.24.1 * kubevirt-pr-helper-conf-1.4.1-150600.5.24.1 * kubevirt-tests-1.4.1-150600.5.24.1 * kubevirt-virt-handler-1.4.1-150600.5.24.1 * kubevirt-manifests-1.4.1-150600.5.24.1 * kubevirt-virt-handler-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virt-operator-debuginfo-1.4.1-150600.5.24.1 * obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1 * Containers Module 15-SP6 (aarch64 x86_64) * kubevirt-virtctl-debuginfo-1.4.1-150600.5.24.1 * kubevirt-virtctl-1.4.1-150600.5.24.1 * kubevirt-manifests-1.4.1-150600.5.24.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45337.html * https://www.suse.com/security/cve/CVE-2024-45338.html * https://www.suse.com/security/cve/CVE-2025-22872.html *https://bugzilla.suse.com/show_bug.cgi?id=1234537 * https://bugzilla.suse.com/show_bug.cgi?id=1235303 * https://bugzilla.suse.com/show_bug.cgi?id=1241772 . Important security update for SUSE's KubeVirt images. Upgrade immediately to resolve critical vulnerabilities before consequences arise.. KubeVirt Update. . LinuxSecurity.com Team

Calendar%202 Sep 19, 2025 SuSE
89

Fedora 41: kubernetes1.32 Update CVE-2025-5187 Self-Deletion Fix

Update to release v1.32.7 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8f9b0ca4c7 2025-08-23 01:31:19.590141+00:00 -------------------------------------------------------------------------------- Name : kubernetes1.32 Product : Fedora 41 Version : 1.32.8 Release : 1.fc41 URL : https://github.com/kubernetes/kubernetes Summary : Open Source Production-Grade Container Scheduling And Management Platform Description : Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machines. -------------------------------------------------------------------------------- Update Information: Update to release v1.32.7 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 13 2025 Bradley G Smith - 1.32.8-1 - Update to release v1.32.7 - Resolves: rhbz#2388412 - Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fixes * Thu Jul 24 2025 Fedora Release Engineering - 1.32.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2388412 - kubernetes1.32-1.33.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2388412 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2025-8f9b0ca4c7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Upgrade your Fedora 41 to include the recent kubernetes 1.32 patch that resolves significant node self-deletion vulnerabilities.. kubernetes1.32,Fedora 41,kernel updates,container management. . LinuxSecurity.com Team

Calendar%202 Aug 23, 2025 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":66.67,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Your message here