
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE cargo-auditable Important Stack Exhaustion Issue 2026-0505-1

# Security update for cargo-auditable

Announcement ID: SUSE-SU-2026:0505-1
Release Date: 2026-02-13T14:32:06Z
Rating: important

References:

* bsc#1257906

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for cargo-auditable fixes the following issues:

Update to version 0.7.2~0.

Security issues fixed:

* CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257906).

Other updates and bugfixes:

* Update to version 0.7.2~0:
  * mention cargo-dist in README
  * commit Cargo.lock
  * bump which dev-dependency to 8.0.0
  * bump object to 0.37
  * Upgrade cargo_metadata to 0.23
  * Expand the set of dist platforms in config
* Update to version 0.7.1~0:
  * Out out of unhelpful clippy lint
  * Satisfy clippy
  * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren't
  * Run apt-get update before trying to install packages
  * run `cargo dist init` on dist 0.30
  * Drop allow-dirty from dist config, should no longer be needed
  * Reorder paragraphs in README
  * Note the maintenance transition for the go extraction library
  * Editing pass on the adopters: scanners
  * clarify Docker support
  * Cargo clippy fix
  * Add Wolfi OS and Chainguard to adopters
  * Update mentions around Anchore tooling
  * README and documentation updates for nightly
  * Bump dependency version in rust-audit-info
  * More work on docs
  * Nicer formatting on format revision documentation
  * Bump versions
  * regenerate JSON schema
  * cargo fmt
  * Document format field
  * Make it more clear that RawVersionInfo is private
  * Add format field to the serialized data
  * cargo clippy fix
  * Add special handling for proc macros to treat them as the build dependencies they are
  * Add a test to ensure proc macros are reported as build dependencies
  * Add a test fixture for a crate with a proc macro dependency
  * parse fully qualified package ID specs from SBOMs
  * select first discovered SBOM file
  * cargo sbom integration
  * Get rid of unmaintained wee_alloc in test code to make people's scanners misled by GHSA chill out
  * Don't fail plan workflow due to manually changed release.yml
  * Bump Ubuntu version to hopefully fix release.yml workflow
  * Add test for stripped binary
  * Bump version to 0.6.7
  * Populate changelog
  * README.md: add auditable2cdx, more consistency in text
  * Placate clippy
  * Do not emit -Wl if a bare linker is in use
  * Get rid of a compiler warning
  * Add bare linker detection function
  * drop boilerplate from test that's no longer relevant
  * Add support for recovering rustc codegen options
  * More lenient parsing of rustc arguments
  * More descriptive error message in case rustc is killed abruptly
  * change formatting to fit rustfmt
  * More descriptive error message in case cargo is killed
  * Update REPLACING_CARGO.md to fix #195
  * Clarify osv-scanner support in README
  * Include the command required to view metadata
  * Mention wasm-tools support
  * Switch from broken generic cache action to a Rust-specific one
  * Fill in various fields in auditable2cdx Cargo.toml
  * Include osv-scanner in the list, with a caveat
  * Add link to blint repo to README
  * Mention that blint supports our data
  * Consolidate target definitions
  * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that
  * Migrate to a maintained toolchain action
  * Fix author specification
  * Add link to repository to resolverver Cargo.toml
  * Bump resolverver to 0.1.0
  * Add resolverver crate to the tree
* Update to version 0.6.6~0:
  * Note the `object` upgrade in the changelog
  * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx
  * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint
  * Update dependencies in the lock file
  * Populate changelog
  * apply clippy lint
  * add another --emit parsing test
  * shorter code with cargo fmt
  * Actually fix cargo-c compatibility
  * Attempt to fix cargo-capi incompatibility
  * Refactoring in preparation for fixes
  * Also read the --emit flag to rustc
  * Fill in changelogs
  * Bump versions
  * Drop cfg'd out tests
  * Drop obsolete doc line
  * Move dependency cycle tests from auditable-serde to cargo-auditable crate
  * Remove cargo_metadata from auditable-serde API surface.
  * Apply clippy lint
  * Upgrade miniz_oxide to 0.8.0
  * Insulate our semver from miniz_oxide semver
  * Add support for Rust 2024 edition
  * Update tests
  * More robust OS detection for riscv feature detection
  * bump version
  * update changelog for auditable-extract 0.3.5
  * Fix wasm component auditable data extraction
  * Update blocker description in README.md
  * Add openSUSE to adopters
  * Update list of know adopters
  * Fix detection of `riscv64-linux-android` target features
  * Silence noisy lint
  * Bump version requirement in rust-audit-info
  * Fill in changelogs
  * Bump semver of auditable-info
  * Drop obsolete comment now that wasm is enabled by default
  * Remove dependency on cargo-lock
  * Brag about adoption in the README
  * Don't use LTO for cargo-dist builds to make them consistent with `cargo install` etc
  * Also build musl binaries
  * dist: update dist config for future releases
  * dist(cargo-auditable): ignore auditable2cdx for now
  * chore: add cargo-dist

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-505=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2026-505=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-505=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-505=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-505=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-505=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-505=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-505=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * cargo-auditable-debuginfo-0.7.2~0-150500.12.6.1
  * cargo-auditable-0.7.2~0-150500.12.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257906

An update for cargo-auditable on openSUSE addressing a critical security issue regarding stack exhaustion.

Severity: Important. LinuxSecurity.com Team

Feb 13, 2026 Important OpenSUSE

Debian Bookworm: DSA-5780-1 critical: PHP 8.2 security issues detected

Debian Security Advisory DSA-5780-1
https://www.debian.org/security/ Moritz Muehlenhoff
October 02, 2024 https://www.debian.org/security/faq

Package : php8.2
CVE ID : CVE-2024-8925 CVE-2024-8926 CVE-2024-8927

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.

For the stable distribution (bookworm), these problems have been fixed in version 8.2.24-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/php8.2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Various vulnerabilities identified in PHP might result in severe malfunctions. Update to php8.2 to guarantee system protection and reliability.

Severity: Critical. LinuxSecurity.com Team

Oct 02, 2024 Critical Debian

Debian: DSA-4190-1 Critical: Jackson-Databind Input Validation Issue

Debian Security Advisory DSA-4190-1
https://www.debian.org/security/ Sebastien Delafond
May 03, 2018 https://www.debian.org/security/faq

Package : jackson-databind
CVE ID : CVE-2018-7489
Debian Bug : 891614

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

For the oldstable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u4.

For the stable distribution (stretch), this problem has been fixed in version 2.8.6-1+deb9u4.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jackson-databind

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Ubuntu Security Notice USN-2860-1 addresses the resolution for jackson-databind's input processing vulnerability.

Severity: Critical. LinuxSecurity.com Team

May 03, 2018 Critical Debian