Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 16 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0054.html Type: bugfix Affected Mageia releases: 10 Description: Quod Libet crashed immediately when started. This update fixes the issue. References: - https://bugs.mageia.org/show_bug.cgi?id=35885 SRPMS: - 10/core/quodlibet-4.7.1-1.mga10 . A security update addressing a critical crash issue in Quod Libet for Mageia 10, ensuring stability and performance.. Mageia Quod Libet Crash Fix, Security Update Mageia, Bugfix Advisory Mageia. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for openldap2_5 Announcement ID: SUSE-SU-2026:0256-1 Release Date: 2026-01-22T16:09:02Z Rating: moderate References: * bsc#1256297 Cross-References: * CVE-2026-22185 CVSS scores: * CVE-2026-22185 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-22185 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-22185 ( NVD ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for openldap2_5 fixes the following issues: Security fixes: * CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297) Other fixes: * Update to version 2.5.20+11: * ITS#10421 mdb_load: check for malicious input ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-256=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-256=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-256=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-256=1 ## Package List: * openSUSELeap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openldap2_5-ppolicy-check-password-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-contrib-2.5.20+11-150500.11.38.1 * openldap2_5-client-2.5.20+11-150500.11.38.1 * openldap2_5-2.5.20+11-150500.11.38.1 * openldap2_5-debugsource-2.5.20+11-150500.11.38.1 * openldap2_5-devel-2.5.20+11-150500.11.38.1 * libldap-2_5-0-2.5.20+11-150500.11.38.1 * libldap-2_5-0-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 * openldap2_5-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-contrib-debuginfo-2.5.20+11-150500.11.38.1 * openSUSE Leap 15.5 (noarch) * openldap2_5-doc-2.5.20+11-150500.11.38.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * openldap2_5-ppolicy-check-password-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-contrib-2.5.20+11-150500.11.38.1 * openldap2_5-client-2.5.20+11-150500.11.38.1 * openldap2_5-2.5.20+11-150500.11.38.1 * openldap2_5-debugsource-2.5.20+11-150500.11.38.1 * openldap2_5-devel-2.5.20+11-150500.11.38.1 * libldap-2_5-0-2.5.20+11-150500.11.38.1 * libldap-2_5-0-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 * openldap2_5-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-contrib-debuginfo-2.5.20+11-150500.11.38.1 * openSUSE Leap 15.6 (noarch) * openldap2_5-doc-2.5.20+11-150500.11.38.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * openldap2_5-client-2.5.20+11-150500.11.38.1 * openldap2_5-debugsource-2.5.20+11-150500.11.38.1 * openldap2_5-devel-2.5.20+11-150500.11.38.1 * libldap-2_5-0-2.5.20+11-150500.11.38.1 * libldap-2_5-0-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-debuginfo-2.5.20+11-150500.11.38.1 * Basesystem Module 15-SP7 (noarch) * openldap2_5-doc-2.5.20+11-150500.11.38.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) *openldap2_5-ppolicy-check-password-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-contrib-2.5.20+11-150500.11.38.1 * openldap2_5-2.5.20+11-150500.11.38.1 * openldap2_5-debugsource-2.5.20+11-150500.11.38.1 * openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 * openldap2_5-debuginfo-2.5.20+11-150500.11.38.1 * openldap2_5-contrib-debuginfo-2.5.20+11-150500.11.38.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22185.html * https://bugzilla.suse.com/show_bug.cgi?id=1256297 . An update for openldap2_5 on openSUSE addresses a moderate crash issue related to CVE-2026-22185, enhancing security.. openldap2_5 security update, openSUSE vulnerability, moderate security fix, software patch SUSE. . LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for avahi Announcement ID: SUSE-SU-2026:0143-1 Release Date: 2026-01-17T11:04:18Z Rating: moderate References: * bsc#1256498 * bsc#1256499 * bsc#1256500 Cross-References: * CVE-2025-68276 * CVE-2025-68468 * CVE-2025-68471 CVSS scores: * CVE-2025-68276 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68276 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68276 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68468 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-68468 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-68471 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68471 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-68471 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for avahi fixes the following issues: * CVE-2025-68276: avahi: reachable assertion in `avahi_wide_area_scan_cache` can lead to crash of avahi-daemon (bsc#1256498). * CVE-2025-68468: avahi: reachable assertion in `lookup_multicast_callback` can lead to crash of avahi-daemon (bsc#1256499). * CVE-2025-68471: avahi: reachable assertion in `lookup_start` can lead to crash of avahi-daemon (bsc#1256500). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patchSUSE-SUSE-MicroOS-5.2-2026-143=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-143=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.7-150100.3.46.1 * libavahi-core7-0.7-150100.3.46.1 * libavahi-common3-debuginfo-0.7-150100.3.46.1 * avahi-debuginfo-0.7-150100.3.46.1 * libavahi-client3-0.7-150100.3.46.1 * avahi-0.7-150100.3.46.1 * libavahi-client3-debuginfo-0.7-150100.3.46.1 * avahi-debugsource-0.7-150100.3.46.1 * libavahi-common3-0.7-150100.3.46.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libavahi-core7-debuginfo-0.7-150100.3.46.1 * libavahi-core7-0.7-150100.3.46.1 * libavahi-common3-debuginfo-0.7-150100.3.46.1 * avahi-debuginfo-0.7-150100.3.46.1 * libavahi-client3-0.7-150100.3.46.1 * avahi-0.7-150100.3.46.1 * libavahi-client3-debuginfo-0.7-150100.3.46.1 * avahi-debugsource-0.7-150100.3.46.1 * libavahi-common3-0.7-150100.3.46.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68276.html * https://www.suse.com/security/cve/CVE-2025-68468.html * https://www.suse.com/security/cve/CVE-2025-68471.html * https://bugzilla.suse.com/show_bug.cgi?id=1256498 * https://bugzilla.suse.com/show_bug.cgi?id=1256499 * https://bugzilla.suse.com/show_bug.cgi?id=1256500 . Three vulnerabilities fixed in Avahi update for SUSE Enterprise Micro 5.2 to enhance system stability.. SUSE Enterprise Micro, Avahi security, patch management, software update, system vulnerabilities. . LinuxSecurity.com Team
libcaca could be made to crash if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7943-1 January 07, 2026 libcaca vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: libcaca could be made to crash if it opened a specially crafted file. Software Description: - libcaca: text mode graphics utilities Details: Han Zheng discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause libcaca to crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 caca-utils 0.99.beta20-5ubuntu0.25.10.1 libcaca0 0.99.beta20-5ubuntu0.25.10.1 Ubuntu 25.04 caca-utils 0.99.beta20-5ubuntu0.25.04.1 libcaca0 0.99.beta20-5ubuntu0.25.04.1 Ubuntu 24.04 LTS caca-utils 0.99.beta20-4ubuntu0.1 libcaca0 0.99.beta20-4ubuntu0.1 Ubuntu 22.04 LTS caca-utils 0.99.beta19-2.2ubuntu4.1 libcaca0 0.99.beta19-2.2ubuntu4.1 Ubuntu 20.04 LTS caca-utils 0.99.beta19-2.1ubuntu1.20.04.2+esm1 Available with Ubuntu Pro libcaca0 0.99.beta19-2.1ubuntu1.20.04.2+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS caca-utils 0.99.beta19-2ubuntu0.18.04.3+esm1 Available with Ubuntu Pro libcaca0 0.99.beta19-2ubuntu0.18.04.3+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS caca-utils 0.99.beta19-2ubuntu0.16.04.2+esm2 Available with Ubuntu Pro libcaca0 0.99.beta19-2ubuntu0.16.04.2+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS caca-utils 0.99.beta18-1ubuntu5.1+esm3 Available with Ubuntu Pro libcaca0 0.99.beta18-1ubuntu5.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7943-1 CVE-2022-0856 Package Information: https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-5ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-5ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/libcaca/0.99.beta19-2.2ubuntu4.1 . libcaca may crash when handling specially crafted files across multiple Ubuntu versions. Update now to protect your system.. libcaca update, ubuntu security, libcaca crash, software vulnerability. . Severity: Important. LinuxSecurity.com Team
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through . MGASA-2025-0186 - Updated mariadb packages fix security vulnerabilities Publication date: 11 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0186.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-52969, CVE-2023-52970, CVE-2023-52971, CVE-2025-30693, CVE-2025-30722 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where - CVE-2023-52970. MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan - CVE-2023-52971. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) - CVE-2025-30693. Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) - CVE-2025-30722 References: - https://bugs.mageia.org/show_bug.cgi?id=34342 - https://mariadb.com/docs/release-notes/community-server/11.4/11.4.7 - https://mariadb.com/docs/release-notes/community-server/11.4/11.4.6 - https://ubuntu.com/security/notices/USN-7548-1 - https://www.cve.org/CVERecord?id=CVE-2023-52969 - https://www.cve.org/CVERecord?id=CVE-2023-52970 - https://www.cve.org/CVERecord?id=CVE-2023-52971 - https://www.cve.org/CVERecord?id=CVE-2025-30693 - https://www.cve.org/CVERecord?id=CVE-2025-30722 SRPMS: - 9/core/mariadb-11.4.7-1.mga9 . The recent MariaDB enhancements within Mageia tackle a range of security flaws, bolstering system robustness and protecting data accuracy for its community.. MariaDB Security, Mageia Update, DOS Prevention, Crash Protection. . LinuxSecurity.com Team
MariaDB a popular database engine was affected by two vulnerabilties. CVE-2023-52969 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4154-1
An issue has been found in expat, an XML parsing C library. The issue is related to a crash within XML_ResumeParser() because XML_StopParser() can stop/suspend an unstarted parser. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4145-1
MariaDB 10.11.11 Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.11. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e317a33d16 2025-04-15 19:19:49.588596+00:00 -------------------------------------------------------------------------------- Name : mariadb10.11 Product : Fedora 40 Version : 10.11.11 Release : 1.fc40 URL : http://mariadb.org Summary : A very fast and robust SQL database server Description : MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and utilities. -------------------------------------------------------------------------------- Update Information: MariaDB 10.11.11 Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.11 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 5 2025 Michal Schorm - 3:10.11.11-1 - Rebase to 10.11.11 * Sat Feb 1 2025 Björn Esser - 3:10.11.10-4 - Add explicit BR: libxcrypt-devel * Fri Jan 17 2025 Fedora Release Engineering - 3:10.11.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Nov 29 2024 Timothée Ravier - 3:10.11.10-2 - Split mariadb-access & mariadb-find-rows into a client-utils subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #2351039 - CVE-2023-52969 mariadb10.11: MariaDB Server Crash Due to Empty Backtrace Log [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2351039 [ 2 ] Bug #2351041 - CVE-2023-52971 mariadb10.11: MariaDB Server Crash [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2351041 [ 3 ] Bug #2351043 - CVE-2023-52970 mariadb10.11: MariaDBServer Crash via Item_direct_view_ref [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2351043 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e317a33d16' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . The PostgreSQL 15 release for Ubuntu 22.04 resolves stability issues and enhances general efficiency for its user base.. MariaDB, Fedora, SQL database, software update, crash fix. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.