Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 184 articles for you...
89

Fedora 44 python-django5 Low Threat CVE Updates 2026-595d35a4d1

Update python-django5 to version 5.2.16 Fixes three low-severity CVEs CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response CVE-2026-53877: Heap buffer over-read in GDALRaster. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-595d35a4d1 2026-07-18 00:26:14.273091+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 44 Version : 5.2.16 Release : 1.fc44 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Update python-django5 to version 5.2.16 Fixes three low-severity CVEs CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response CVE-2026-53877: Heap buffer over-read in GDALRaster CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 16 2026 Michel Lind - 5.2.16-1 - Update to version 5.2.16; Resolves RHBZ#2497734 - Fixes three low-severity CVEs - CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response - CVE-2026-53877: Heap buffer over-read in GDALRaster - CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input * Thu Jul 16 2026 Fedora Release Engineering - 5.2.15-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_45_Mass_Rebuild * Fri Jun 19 2026 Miro Hrončok - 5.2.15-5 - Heavily reduce the list of skipped tests * Sat Jun 6 2026 Michel Lind - 5.2.15-4 - Remove dump of disabled tests from the end of thespec * Sat Jun 6 2026 Michel Lind - 5.2.15-3 - Disable failing tests on Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497734 - python-django5-5.2.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=2497734 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-595d35a4d1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Upgrade python-django5 to version 5.2.16 to fix low-severity issues with potential data exposure and buffer over-read.. Fedora security patch, python-django5 update, data protection Linux, buffer over-read issue, web framework vulnerabilities. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Low Fedora
202

openSUSE python-Django Medium Heap Information Exposure Patch 2026-2819-1

An update that solves two vulnerabilities can now be installed.. # Security update for python-Django Announcement ID: SUSE-SU-2026:2819-1 Release Date: 2026-07-09T17:12:22Z Rating: moderate References: * bsc#1271029 * bsc#1271030 Cross-References: * CVE-2026-48588 * CVE-2026-53877 CVSS scores: * CVE-2026-48588 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-48588 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48588 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-48588 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-53877 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53877 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-53877 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2026-48588: potential exposure of private data via cached `Set-Cookie` response (bsc#1271029). * CVE-2026-53877: information disclosure via 32-byte heap buffer overread in `GDALRaster` (bsc#1271030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2819=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2819=1 ## Package List: * SUSE Package Hub 15 15-SP7 (noarch) * python311-Django-4.2.11-150600.3.62.1 * openSUSE Leap 15.6 (noarch) * python311-Django-4.2.11-150600.3.62.1 ## References: * https://www.suse.com/security/cve/CVE-2026-48588.html * https://www.suse.com/security/cve/CVE-2026-53877.html * https://bugzilla.suse.com/show_bug.cgi?id=1271029 * https://bugzilla.suse.com/show_bug.cgi?id=1271030 . This security update for python-Django addresses two critical issues including potential data exposure and information disclosure.. python django updates, opensuse security, data exposure fix, security patch. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 moderate OpenSUSE
172

Ubuntu 25.10 AMD Microcode Critical Data Exposure Vulnerability USN-8475-1

Several security issues were fixed in AMD Microcode.. ========================================================================== Ubuntu Security Notice USN-8475-1 June 25, 2026 amd64-microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Several security issues were fixed in AMD Microcode. Software Description: - amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs Details: Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causing loss of confidentiality and integrity. (CVE-2025-62626) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 amd64-microcode 3.20251202.1ubuntu0.25.10.1 Ubuntu 24.04 LTS amd64-microcode 3.20251202.1ubuntu0.24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: For the most comprehensive protection, users should update their system BIOS/UEFI to the latest version provided by their hardware vendor. If the BIOS has not been updated, this microcode update will apply the latest available mitigations that can be delivered via the operating system. For more information, pleasesee: https://ubuntu.com/security/vulnerabilities/entrysign References: https://ubuntu.com/security/notices/USN-8475-1 CVE-2024-36350, CVE-2024-36357, CVE-2025-62626 Package Information: https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.24.04.1 . Update your Ubuntu systems to patch critical AMD Microcode vulnerabilities leading to data leaks and integrity issues.. Ubuntu Security Update, AMD Microcode, Confidentiality Loss. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Important Ubuntu
89

Fedora 43 python-django5 Low Threat Data Exposure Fixes 2026-f140cb16b6

Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f140cb16b6 2026-06-15 01:10:25.755889+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 43 Version : 5.2.15 Release : 1.fc43 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache- Control directives CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Michel Lind - 5.2.15-1 - Update to version 5.2.15; Resolves RHBZ#2484354 - Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization - CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header * Fri Jun 5 2026 Python Maint - 5.2.14-3 - Rebuilt for Python 3.15 * Thu Jun 4 2026 Python Maint - 5.2.14-2 - Bootstrap for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484354 - python-django5-5.2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484354 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f140cb16b6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 patch resolves low-severity issues in python-django5, enhancing security and data protection.. Fedora 43, python-django5, low severity fixes, data exposure. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jun 14, 2026 Low Fedora
89

Fedora 44 python-django5 Low Risk Issues Resolved Advisory 2026-e4146022ce

Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e4146022ce 2026-06-15 00:48:35.285131+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 44 Version : 5.2.15 Release : 1.fc44 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache- Control directives CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Michel Lind - 5.2.15-1 - Update to version 5.2.15; Resolves RHBZ#2484354 - Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization - CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header * Fri Jun 5 2026 Python Maint - 5.2.14-3 - Rebuilt for Python 3.15 * Thu Jun 4 2026 Python Maint - 5.2.14-2 - Bootstrap for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484354 - python-django5-5.2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484354 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e4146022ce' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Five low-severity issues fixed in python-django5 for Fedora 44; includes unencrypted email transmission risks.. Fedora 44 security advisory, Python Django security, Low-severity CVEs, Django web framework, Update python-django5. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jun 14, 2026 Low Fedora
202

openSUSE 16.0 Python-Django Important Data Exposure Bugs Vul 2026-20937-1

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.. openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20937-1 Rating: important References: * bsc#1267576 * bsc#1267577 * bsc#1267578 * bsc#1267579 * bsc#1267580 Cross-References: * CVE-2026-35193 * CVE-2026-48587 * CVE-2026-6873 * CVE-2026-7666 * CVE-2026-8404 CVSS scores: * CVE-2026-35193 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-35193 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-48587 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-48587 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6873 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-7666 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-7666 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-8404 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed. Description: This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision (bsc#1267578) - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend (bsc#1267579) - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives (bsc#1267580) - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization (bsc#1267576) -CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header (bsc#1267577) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-305=1 Package List: - openSUSE Leap 16.0: python313-Django-5.2.4-bp160.9.1 References: * https://www.suse.com/security/cve/CVE-2026-35193.html * https://www.suse.com/security/cve/CVE-2026-48587.html * https://www.suse.com/security/cve/CVE-2026-6873.html * https://www.suse.com/security/cve/CVE-2026-7666.html * https://www.suse.com/security/cve/CVE-2026-8404.html . This update addresses five vulnerabilities in python-Django with important fixes for potential data exposure and email security.. openSUSE python-Django update important vulnerabilities data exposure. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 12, 2026 Important OpenSUSE
89

Fedora 44 vaultwarden-web Update 2026.4.1 Addresses Critical Access Issues

update to 2026.4.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-111cf6d28f 2026-06-12 00:58:37.608012+00:00 -------------------------------------------------------------------------------- Name : vaultwarden-web Product : Fedora 44 Version : 2026.4.1 Release : 1.fc44 URL : https://github.com/dani-garcia/bw_web_builds Summary : Web vault for vaultwarden Description : Web vault for vaultwarden. -------------------------------------------------------------------------------- Update Information: update to 2026.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Jonathan Wright - 2026.4.1-1 - update to 2026.4.1 rhbz#2387335 - Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control - Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion - Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update - Fixes CVE-2026-27898 Information disclosure via API partial update -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-111cf6d28f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates to Fedora 44 vaultwarden-web enhance security and accessibility with crucial fixes and improvements.. Fedora 44 updates, vaultwarden-web security, unauthorized access fixes, data exposure vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 11, 2026 Important Fedora
100

openSUSE Python-Django Important Data Exposure Vuln 2026-2318-1

An update that solves five vulnerabilities can now be installed.. # Security update for python-Django Announcement ID: SUSE-SU-2026:2318-1 Release Date: 2026-06-09T13:22:05Z Rating: important References: * bsc#1267576 * bsc#1267577 * bsc#1267578 * bsc#1267579 * bsc#1267580 Cross-References: * CVE-2026-35193 * CVE-2026-48587 * CVE-2026-6873 * CVE-2026-7666 * CVE-2026-8404 CVSS scores: * CVE-2026-35193 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-35193 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-35193 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35193 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-48587 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-48587 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-48587 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48587 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-48587 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6873 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6873 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6873 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6873 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-7666 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-7666 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-7666 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-7666 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-8404 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-8404 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8404 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8404 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues * CVE-2026-6873: signed cookie salt namespace collision in `django.http.HttpRequest.get_signed_cookie` (bsc#1267578). * CVE-2026-7666: potential unencrypted email transmission via `STARTTLS` in the SMTP backend (bsc#1267579). * CVE-2026-8404: potential exposure of private data via case-sensitive `Cache- Control` directives in `UpdateCacheMiddleware` (bsc#1267580). * CVE-2026-35193: potential exposure of private data via missing `Vary: Authorization` in `UpdateCacheMiddleware` (bsc#1267576). * CVE-2026-48587: potential exposure of private data via whitespace padding in `Vary` header (bsc#1267577). ## Patch Instructions: Toinstall this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2318=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2318=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-Django-4.2.11-150600.3.59.1 * SUSE Package Hub 15 15-SP7 (noarch) * python311-Django-4.2.11-150600.3.59.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35193.html * https://www.suse.com/security/cve/CVE-2026-48587.html * https://www.suse.com/security/cve/CVE-2026-6873.html * https://www.suse.com/security/cve/CVE-2026-7666.html * https://www.suse.com/security/cve/CVE-2026-8404.html * https://bugzilla.suse.com/show_bug.cgi?id=1267576 * https://bugzilla.suse.com/show_bug.cgi?id=1267577 * https://bugzilla.suse.com/show_bug.cgi?id=1267578 * https://bugzilla.suse.com/show_bug.cgi?id=1267579 * https://bugzilla.suse.com/show_bug.cgi?id=1267580 . A critical security update for python-Django addresses five important vulnerabilities in openSUSE systems.. openSUSE security update python-Django vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 10, 2026 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200