Alerts This Week
1,394

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 9,991 articles for you...

Rocky Linux 8 PHP Important Security Fixes RLSA-2026-34354

Important: php:7.4 security update.

Advisory: RLSA-2026:34354
Type: Security
Severity: Important
Affected products: Rocky Linux 8
Published: 2026-07-02T00:01:04.334825Z
Reboot suggested: No

Topic:

An update is available for module.libzip, php-pear, php-pecl-xdebug, libzip, module.php-pecl-xdebug, php-pecl-rrd, module.php-pecl-apcu, module.php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pear, php-pecl-apcu.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)

* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)

* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)

* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)

* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)

* php: signed integer overflow in metaphone() (CVE-2026-7568)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVEs (source: MITRE):

* CVE-2026-6722: CVSS 3.1 base score 7.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L), CWE-825, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722
* CVE-2026-6735: CVSS 3.1 base score 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N), CWE-79, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735
* CVE-2026-7258: CVSS 3.1 base score 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H), CWE-839, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258
* CVE-2026-7261: CVSS 3.1 base score 5.6 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L), CWE-825, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261
* CVE-2026-7262: CVSS 3.1 base score 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), CWE-476, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262
* CVE-2026-7568: CVSS 3.1 base score 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), CWE-190, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568

Fixes (source: Red Hat):

* Ticket 2468560: https://bugzilla.redhat.com/show_bug.cgi?id=2468560
* Ticket 2468561: https://bugzilla.redhat.com/show_bug.cgi?id=2468561
* Ticket 2468562: https://bugzilla.redhat.com/show_bug.cgi?id=2468562
* Ticket 2468563: https://bugzilla.redhat.com/show_bug.cgi?id=2468563
* Ticket 2468565: https://bugzilla.redhat.com/show_bug.cgi?id=2468565
* Ticket 2468566: https://bugzilla.redhat.com/show_bug.cgi?id=2468566

Important updates for PHP affecting Rocky Linux 8 include security fixes for remote code execution and denial of service issues.

Keywords: PHP security updates, Rocky Linux security, Remote Code Execution, Denial of Service.

LinuxSecurity.com Team

Jul 02, 2026 Rocky Linux

Rocky Linux 8 PHP Important Remote Code Exec DoS RLSA-2026-34354

Important: php:7.4 security update.

Essential PHP security updates for Rocky Linux address critical vulnerabilities affecting systems. Ensure your installation is protected.

Keywords: Rocky Linux PHP security update, critical PHP vulnerabilities, PHP remote code execution, server security advisory, PHP denial of service.

LinuxSecurity.com Team

Jul 02, 2026 Rocky Linux

Fedora 43 Caddy Important Security Update 22 CVEs Advisory 2026-3dc324bd9a

Security update resolving 22 CVEs across both caddy itself and its vendored libraries.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3dc324bd9a
2026-07-02 01:07:29.332017+00:00
--------------------------------------------------------------------------------

Name        : caddy
Product     : Fedora 43
Version     : 2.10.2
Release     : 9.fc43
URL         : https://caddyserver.com
Summary     : Web server with automatic HTTPS
Description :
Caddy is an extensible server platform that uses TLS by default.

--------------------------------------------------------------------------------
Update Information:

Security update resolving 22 CVEs across both caddy itself and its vendored libraries.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2026 Carl George - 2.10.2-9
- Port to new golang packaging guidelines
- Backport upstream fix for CVE-2026-27585
- Backport upstream fix for CVE-2026-27586
- Backport upstream fix for CVE-2026-27587
- Backport upstream fix for CVE-2026-27588
- Backport upstream fix for CVE-2026-27589
- Backport upstream fix for CVE-2026-27590
- Backport upstream fix for CVE-2026-30851
- Backport upstream fix for CVE-2026-30852
- Update vendored github.com/quic-go/quic-go to v0.57.0 for CVE-2025-64702
- Update vendored golang.org/x/crypto to v0.52.0 for CVE-2025-47913, CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830
- Update vendored github.com/smallstep/certificates to v0.30.0 for CVE-2025-44005 and CVE-2026-40097
- Update vendored github.com/go-chi/chi/v5 to v5.2.5 for CVE-2025-69725
- Update vendored github.com/yuin/goldmark/renderer/html to v1.7.17 for CVE-2026-5160
* Mon Feb 2 2026 Maxwell G - 2.10.2-5
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Alejandro Sáez - 2.10.2-2
- rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2488094 - CVE-2026-30851 caddy: Caddy: Privilege escalation via identity injection due to unstripped client headers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488094
  [ 2 ] Bug #2488095 - CVE-2026-30852 caddy: Caddy: Information disclosure via double-expansion of user-controlled input [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488095
  [ 3 ] Bug #2488141 - CVE-2026-40097 caddy: Step CA: Denial of Service via crafted attestation key certificate [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488141
  [ 4 ] Bug #2488502 - CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488502
  [ 5 ] Bug #2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488503
  [ 6 ] Bug #2488514 - CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488514
  [ 7 ] Bug #2488516 - CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488516
  [ 8 ] Bug #2488517 - CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488517
  [ 9 ] Bug #2488518 - CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488518
  [ 10 ] Bug #2488572 - CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488572
  [ 11 ] Bug #2488575 - CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488575
  [ 12 ] Bug #2488578 - CVE-2025-58188 caddy: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488578
  [ 13 ] Bug #2488580 - CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488580
  [ 14 ] Bug #2488582 - CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488582
  [ 15 ] Bug #2488661 - CVE-2025-64702 caddy: quic-go HTTP/3 QPACK Header Expansion DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488661
  [ 16 ] Bug #2488663 - CVE-2025-47913 caddy: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488663
  [ 17 ] Bug #2488665 - CVE-2025-44005 caddy: github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488665
  [ 18 ] Bug #2488666 - CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488666
  [ 19 ] Bug #2488667 - CVE-2026-5160 caddy: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488667
  [ 20 ] Bug #2489962 - CVE-2026-39828 caddy: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2489962
  [ 21 ] Bug #2490067 - CVE-2026-39829 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490067
  [ 22 ] Bug #2490486 - CVE-2026-39830 caddy: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3dc324bd9a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 43 security advisory updating Caddy addressing 22 CVEs with critical risks including DoS and information leaks.

Keywords: Fedora 43, security advisory, Caddy update, CVE patching, web server security.

LinuxSecurity.com Team

Jul 01, 2026 Fedora

Fedora 43 rclone Important Denial of Service Updates 2026-e1d1b349cd

Update to 1.74.3.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e1d1b349cd
2026-07-02 01:07:29.331996+00:00
--------------------------------------------------------------------------------

Name        : rclone
Product     : Fedora 43
Version     : 1.74.3
Release     : 1.fc43
URL         : https://github.com/rclone/rclone
Summary     : Rsync for cloud storage
Description :
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive,
Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files.

--------------------------------------------------------------------------------
Update Information:

Update to 1.74.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 6 2026 Packit - 1.74.3-1
- Update to 1.74.3 upstream release
- Resolves: rhbz#2485621
* Sat May 23 2026 Packit - 1.74.2-1
- Update to 1.74.2 upstream release
- Resolves: rhbz#2468412
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2486295 - CVE-2026-45287 rclone: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2486295
  [ 2 ] Bug #2489905 - CVE-2026-39828 rclone: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2489905
  [ 3 ] Bug #2490091 - CVE-2026-39829 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490091
  [ 4 ] Bug #2490402 - CVE-2026-39830 rclone: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490402
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e1d1b349cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 43 advises on critical updates for rclone addressing security issues related to denial of service risks.

Keywords: Fedora 43, rclone update, security fix, cloud storage, denial of service.

LinuxSecurity.com Team

Jul 01, 2026 Fedora

Fedora 43 opkssh Important Update CVE-2026-39828 CVE-2026-39830

Update bundled golang.org/x/crypto to 0.53.0.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-12d4cde449
2026-07-02 01:07:29.331951+00:00
--------------------------------------------------------------------------------

Name        : opkssh
Product     : Fedora 43
Version     : 0.14.0
Release     : 3.fc43
URL         : https://github.com/openpubkey/opkssh
Summary     : OpenPubkey SSH
Description :
OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like [address obfuscated by the site] instead of long-lived SSH keys.

--------------------------------------------------------------------------------
Update Information:

Update bundled golang.org/x/crypto to 0.53.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2026 Till Hofmann - 0.14.0-3
- Update bundled golang.org/x/crypto to 0.53.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2489950 - CVE-2026-39828 opkssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2489950
  [ 2 ] Bug #2490498 - CVE-2026-39830 opkssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490498
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-12d4cde449' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Learn about the Fedora 43 opkssh update fixing critical issues with denial of service risks and unauthorized commands.

OpenPubkey SSH, Fedora 43, security advisory, golang.org crypto, denial of service.

LinuxSecurity.com Team

Jul 01, 2026 Fedora

Fedora 44 ipp-usb Critical DoS Security Fix FEDORA-2026-00901a5e8f

0.9.34 - security fix for CVE-2026-27145.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-00901a5e8f
2026-07-02 01:05:29.984014+00:00
--------------------------------------------------------------------------------

Name        : ipp-usb
Product     : Fedora 44
Version     : 0.9.34
Release     : 2.fc44
URL         : https://github.com/OpenPrinting/ipp-usb
Summary     : HTTP reverse proxy, backed by IPP-over-USB connection to device
Description :
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol.

--------------------------------------------------------------------------------
Update Information:

0.9.34 - security fix for CVE-2026-27145
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 30 2026 Zdenek Dohnal - 0.9.34-2
- ipp-usb-0.9.34 is available (fedora#2463247, fedora#2484207, fedora#2494316)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2484207 - CVE-2026-27145 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
        https://bugzilla.redhat.com/show_bug.cgi?id=2484207
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-00901a5e8f' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Critical security fix for ipp-usb in Fedora 44 to address denial of service via CVE-2026-27145. Immediate update advised.

ipp-usb security fix, fedora advisory, CVE-2026-27145.

LinuxSecurity.com Team

Jul 01, 2026 Fedora

Fedora 44 Caddy Critical Access Control and DoS Fix 2026-950cac64f2

Security update resolving 17 CVEs across both caddy itself and its vendored libraries.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-950cac64f2
2026-07-02 01:05:29.983957+00:00
--------------------------------------------------------------------------------

Name        : caddy
Product     : Fedora 44
Version     : 2.10.2
Release     : 9.fc44
URL         : https://caddyserver.com
Summary     : Web server with automatic HTTPS
Description :
Caddy is an extensible server platform that uses TLS by default.

--------------------------------------------------------------------------------
Update Information:

Security update resolving 17 CVEs across both caddy itself and its vendored libraries.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2026 Carl George - 2.10.2-9
- Port to new golang packaging guidelines
- Backport upstream fix for CVE-2026-27585
- Backport upstream fix for CVE-2026-27586
- Backport upstream fix for CVE-2026-27587
- Backport upstream fix for CVE-2026-27588
- Backport upstream fix for CVE-2026-27589
- Backport upstream fix for CVE-2026-27590
- Backport upstream fix for CVE-2026-30851
- Backport upstream fix for CVE-2026-30852
- Update vendored github.com/quic-go/quic-go to v0.57.0 for CVE-2025-64702
- Update vendored golang.org/x/crypto to v0.52.0 for CVE-2025-47913, CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830
- Update vendored github.com/smallstep/certificates to v0.30.0 for CVE-2025-44005 and CVE-2026-40097
- Update vendored github.com/go-chi/chi/v5 to v5.2.5 for CVE-2025-69725
- Update vendored github.com/yuin/goldmark/renderer/html to v1.7.17 for CVE-2026-5160
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2488094 - CVE-2026-30851 caddy: Caddy: Privilege escalation via identity injection due to unstripped client headers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488094
  [ 2 ] Bug #2488095 - CVE-2026-30852 caddy: Caddy: Information disclosure via double-expansion of user-controlled input [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488095
  [ 3 ] Bug #2488141 - CVE-2026-40097 caddy: Step CA: Denial of Service via crafted attestation key certificate [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488141
  [ 4 ] Bug #2488502 - CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488502
  [ 5 ] Bug #2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488503
  [ 6 ] Bug #2488514 - CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488514
  [ 7 ] Bug #2488516 - CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488516
  [ 8 ] Bug #2488517 - CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488517
  [ 9 ] Bug #2488518 - CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488518
  [ 10 ] Bug #2488661 - CVE-2025-64702 caddy: quic-go HTTP/3 QPACK Header Expansion DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488661
  [ 11 ] Bug #2488663 - CVE-2025-47913 caddy: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488663
  [ 12 ] Bug #2488665 - CVE-2025-44005 caddy:github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488665
  [ 13 ] Bug #2488666 - CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488666
  [ 14 ] Bug #2488667 - CVE-2026-5160 caddy: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2488667
  [ 15 ] Bug #2489962 - CVE-2026-39828 caddy: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2489962
  [ 16 ] Bug #2490067 - CVE-2026-39829 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490067
  [ 17 ] Bug #2490486 - CVE-2026-39830 caddy: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-950cac64f2' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

The latest Fedora security update for Caddy addresses 17 critical CVEs, ensuring enhanced security for users.

Caddy Security Update, Fedora 44, Critical CVEs, Server Security, Denial of Service Fix.

LinuxSecurity.com Team

Jul 01, 2026 Fedora

Fedora 44 Rclone Critical Denial of Service Issues 2026-6145ae14ca

Update to 1.74.3.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6145ae14ca
2026-07-02 01:05:29.983954+00:00
--------------------------------------------------------------------------------

Name        : rclone
Product     : Fedora 44
Version     : 1.74.3
Release     : 1.fc44
URL         : https://github.com/rclone/rclone
Summary     : Rsync for cloud storage
Description :
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files.

--------------------------------------------------------------------------------
Update Information:

Update to 1.74.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 6 2026 Packit - 1.74.3-1
- Update to 1.74.3 upstream release
- Resolves: rhbz#2485621
* Sat May 23 2026 Packit - 1.74.2-1
- Update to 1.74.2 upstream release
- Resolves: rhbz#2468412
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2486295 - CVE-2026-45287 rclone: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2486295
  [ 2 ] Bug #2489905 - CVE-2026-39828 rclone: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2489905
  [ 3 ] Bug #2490091 - CVE-2026-39829 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490091
  [ 4 ] Bug #2490402 - CVE-2026-39830 rclone: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2490402
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6145ae14ca' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Update to rclone 1.74.3 addresses multiple critical issues, including denial of service vulnerabilities.

Fedora rclone update, cloud storage security, software advisory, application vulnerabilities.

LinuxSecurity.com Team

Jul 01, 2026 Fedora