Explore top 10 tips to secure your open-source projects now. Read More
×
Update! Close Go standard library CVE bugs that are solved by a rebuild. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ed208f5337 2026-07-02 01:05:29.983895+00:00 -------------------------------------------------------------------------------- Name : hut Product : Fedora 44 Version : 0.8.0 Release : 1.fc44 URL : https://git.sr.ht/~xenrox/hut Summary : A CLI tool for Sourcehut Description : hut is a CLI tool for interacting with Sourcehut instances. It supports git.sr.ht as well as self-hosted Sourcehut instances. -------------------------------------------------------------------------------- Update Information: Update! Close Go standard library CVE bugs that are solved by a rebuild -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Javier Olaechea - 0.8.0-1 - Update to 0.8.0. Fixes rhbz#2451702. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2408304 - CVE-2025-58189 hut: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408304 [ 2 ] Bug #2408723 - CVE-2025-61725 hut: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408723 [ 3 ] Bug #2409777 - CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409777 [ 4 ] Bug #2410727 - CVE-2025-58185 hut: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410727 [ 5 ] Bug #2411623 - CVE-2025-58188 hut: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411623 [ 6 ] Bug #2412711- CVE-2025-58183 hut: Unbounded allocation when parsing GNU sparse map [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2412711 [ 7 ] Bug #2451702 - hut-0.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451702 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ed208f5337' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
nginx-mod-headers-more: Rebuild for 1.30.3 nginx-mod-brotli: Rebuild for 1.30.3 nginx-mod-vts:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9d7328702e 2026-06-27 00:54:50.049683+00:00 -------------------------------------------------------------------------------- Name : nginx-mod-fancyindex Product : Fedora 43 Version : 0.6.0 Release : 6.fc43 URL : https://github.com/aperezdc/ngx-fancyindex Summary : Nginx FancyIndex module Description : The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: * Custom headers. Either local or stored remotely. * Custom footers. Either local or stored remotely. * Add you own CSS style rules. * Allow choosing to sort elements by name (default), modification time, or size; both ascending (default), or descending. -------------------------------------------------------------------------------- Update Information: nginx-mod-headers-more: Rebuild for 1.30.3 nginx-mod-brotli: Rebuild for 1.30.3 nginx-mod-vts: Rebuild for 1.30.3 nginx-mod-modsecurity: Rebuild for 1.30.3 nginx-mod-fancyindex: Rebuild for 1.30.3 nginx-mod-naxsi: Rebuild for 1.30.3 nginx: update to 1.30.3 fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2026 Felix Kaechele - 0.6.0-6 - Rebuild for 1.30.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves five vulnerabilities can now be installed.. # Security update for xen Announcement ID: SUSE-SU-2026:2613-1 Release Date: 2026-06-24T09:01:48Z Rating: important References: * bsc#1264066 * bsc#1266952 * bsc#1266953 * bsc#1266955 Cross-References: * CVE-2025-54518 * CVE-2026-42487 * CVE-2026-42488 * CVE-2026-42489 * CVE-2026-42490 CVSS scores: * CVE-2025-54518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-54518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42487 ( SUSE ): 8.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-42487 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-42487 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H * CVE-2026-42488 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-42488 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-42488 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42489 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-42489 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2026-42489 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2026-42490 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-42490 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42490 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise HighPerformance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264066). * CVE-2026-42487: x86 HVM I/O port list traversal (bsc#1266952). * CVE-2026-42488: x86: mismatched mapcache metadata (bsc#1266955). * CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse (bsc#1266953). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2613=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2613=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2613=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2613=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2613=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2613=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2613=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2613=1 * openSUSE Leap 15.4 zypper in -t patchSUSE-2026-2613=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * xen-4.16.7_10-150400.4.86.2 * xen-tools-domU-4.16.7_10-150400.4.86.2 * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-tools-debuginfo-4.16.7_10-150400.4.86.2 * xen-devel-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * xen-tools-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * xen-4.16.7_10-150400.4.86.2 * xen-tools-domU-4.16.7_10-150400.4.86.2 * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-tools-debuginfo-4.16.7_10-150400.4.86.2 * xen-devel-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * xen-tools-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * xen-4.16.7_10-150400.4.86.2 * xen-tools-domU-4.16.7_10-150400.4.86.2 * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-tools-debuginfo-4.16.7_10-150400.4.86.2 * xen-devel-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * xen-tools-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2 * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-debuginfo-4.16.7_10-150400.4.86.2 * xen-doc-html-4.16.7_10-150400.4.86.2 * xen-4.16.7_10-150400.4.86.2 *xen-tools-4.16.7_10-150400.4.86.2 * openSUSE Leap 15.4 (aarch64 i586 x86_64) * xen-tools-domU-4.16.7_10-150400.4.86.2 * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-devel-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-debuginfo-4.16.7_10-150400.4.86.2 * xen-libs-32bit-4.16.7_10-150400.4.86.2 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-4.16.7_10-150400.4.86.2 * xen-libs-64bit-debuginfo-4.16.7_10-150400.4.86.2 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * xen-4.16.7_10-150400.4.86.2 * xen-tools-domU-4.16.7_10-150400.4.86.2 * xen-libs-debuginfo-4.16.7_10-150400.4.86.2 * xen-tools-debuginfo-4.16.7_10-150400.4.86.2 * xen-devel-4.16.7_10-150400.4.86.2 * xen-debugsource-4.16.7_10-150400.4.86.2 * xen-tools-domU-debuginfo-4.16.7_10-150400.4.86.2 * xen-libs-4.16.7_10-150400.4.86.2 * xen-tools-4.16.7_10-150400.4.86.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * xen-tools-xendomains-wait-disk-4.16.7_10-150400.4.86.2 ## References: *https://www.suse.com/security/cve/CVE-2025-54518.html * https://www.suse.com/security/cve/CVE-2026-42487.html * https://www.suse.com/security/cve/CVE-2026-42488.html * https://www.suse.com/security/cve/CVE-2026-42489.html * https://www.suse.com/security/cve/CVE-2026-42490.html * https://bugzilla.suse.com/show_bug.cgi?id=1264066 * https://bugzilla.suse.com/show_bug.cgi?id=1266952 * https://bugzilla.suse.com/show_bug.cgi?id=1266953 * https://bugzilla.suse.com/show_bug.cgi?id=1266955 . Update mitigates five critical issues in SUSE for xen, focusing on security threats and important patches.. SUSE update,xen software,security patch,system vulnerabilities,SUSE security advisory. . Severity: Important. LinuxSecurity.com Team
Moderate: libpng15 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28244", "synopsis": "Moderate: libpng15 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for libpng15.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2451805", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "description": ""}], "cves": [{"name": "CVE-2026-33416", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}], "references": [], "publishedAt": "2026-06-24T12:03:26.635873Z", "rpms": {"Rocky Linux 9": {"nvras": ["libpng15-0:1.5.30-15.el9_8.1.aarch64.rpm", "libpng15-0:1.5.30-15.el9_8.1.i686.rpm", "libpng15-0:1.5.30-15.el9_8.1.ppc64le.rpm", "libpng15-0:1.5.30-15.el9_8.1.s390x.rpm", "libpng15-0:1.5.30-15.el9_8.1.src.rpm", "libpng15-0:1.5.30-15.el9_8.1.x86_64.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.aarch64.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.i686.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.ppc64le.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.s390x.rpm","libpng15-debuginfo-0:1.5.30-15.el9_8.1.x86_64.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.aarch64.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.i686.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.ppc64le.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.s390x.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A moderate security update for libpng15 on Rocky Linux addresses arbitrary code execution risk due to a use-after-free issue. Update advised.. libpng15 update, Rocky Linux security, use-after-free issue, update libpng, security advisory. . Severity: moderate. LinuxSecurity.com Team
Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-dafdad8fd3 2026-06-05 04:25:00.358941+00:00 -------------------------------------------------------------------------------- Name : perl-ExtUtils-Builder-Compiler Product : Fedora 44 Version : 0.036 Release : 1.fc44 URL : https://metacpan.org/dist/ExtUtils-Builder-Compiler Summary : Interface around different compilers Description : This is an interface wrapping around different compilers. It's usually not used directly but by a portability layer like ExtUtils::Builder::Autodetect::C. -------------------------------------------------------------------------------- Update Information: Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2026 Charles R. Anderson 0.036-1 - Update to 0.036 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-dafdad8fd3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The 7.0.6 stable kernel update contains a number of important fixes across the tree. It also contains a fix for the Fragnesia CVE-2026-46300. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cccb681166 2026-05-14 00:41:12.640505+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.0.6 Release : 100.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.6 stable kernel update contains a number of important fixes across the tree. It also contains a fix for the Fragnesia CVE-2026-46300 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Justin M. Forbes [7.0.6-0] - net: skbuff: propagate shared-frag marker through pskb_copy() (Hyunwoo Kim) - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) - Add BugsFixed for 7.0.7 (Justin M. Forbes) - ovl: fix verity lazy-load guard broken by fsverity_active() semantic change (Colin Walters) - Revert rxrpc dirtyfrag fix in favor of version which landed upstream (Justin M. Forbes) - Re-enable Intel MEI for Fedora x86 (Justin M. Forbes) - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) - Linux v7.0.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2468594 - overlayfs+fsverity-require (composefs) broken in 7.x - just needs cherry pick https://bugzilla.redhat.com/show_bug.cgi?id=2468594 [ 2 ] Bug #2468995 - Regression: Intel MEI modules missing in kernel 7.0.4-200.fc44 causing i915 / Meteor Lake system freezes https://bugzilla.redhat.com/show_bug.cgi?id=2468995 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cccb681166' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
CVE-2026-4897 aisle.com fix of unsanitized getline. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1774635f74 2026-04-13 00:49:53.479885+00:00 -------------------------------------------------------------------------------- Name : polkit Product : Fedora 42 Version : 126 Release : 3.fc42.2 URL : https://github.com/polkit-org/polkit Summary : An authorization framework Description : polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. -------------------------------------------------------------------------------- Update Information: CVE-2026-4897 aisle.com fix of unsanitized getline -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 27 2026 Jan Rybar - 126-3.2 - CVE-2026-4897 aisle.com fix of unsanitized getline -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1774635f74' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # pnpm-10.32.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10410-1 Rating: moderate Cross-References: * CVE-2026-24842 CVSS scores: * CVE-2026-24842 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-24842 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the pnpm-10.32.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * pnpm 10.32.1-1.1 * pnpm-bash-completion 10.32.1-1.1 * pnpm-fish-completion 10.32.1-1.1 * pnpm-zsh-completion 10.32.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24842.html . An update for openSUSE Tumbleweed to address a moderate security issue in pnpm 10.32.1-1.1 with CVE-2026-24842.. openSUSE pnpm security update CVE-2026-24842 moderate. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.