An update that solves two vulnerabilities can now be installed.

# Security update for rubygem-bundler

Announcement ID: SUSE-SU-2026:1355-1
Release Date: 2026-04-15T13:37:50Z
Rating: important

References:

* bsc#1185842
* bsc#1193578

Cross-References:

* CVE-2020-36327
* CVE-2021-43809

CVSS scores:

* CVE-2020-36327 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-36327 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-43809 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-43809 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-43809 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

## Description:

This update for rubygem-bundler fixes the following issues:

Updated to version 2.2.34.

* CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842)
* CVE-2021-43809: rubygem-bundler: remote execution via Gemfile argument injection (bsc#1193578)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1355=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ruby2.5-rubygem-bundler-2.2.34-150700.21.3.1

## References:

* https://www.suse.com/security/cve/CVE-2020-36327.html
* https://www.suse.com/security/cve/CVE-2021-43809.html
* https://bugzilla.suse.com/show_bug.cgi?id=1185842
* https://bugzilla.suse.com/show_bug.cgi?id=1193578
Update for rubygem-bundler addresses critical issues, ensuring enhanced security through important fixes for two vulnerabilities.

rubygem-bundler update, SUSE security advisory, important rubygem vulnerabilities.

Severity: Important. LinuxSecurity.com Team
Rebuilt for CVE-2025-47906.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f8e5522ee0
2026-01-01 01:07:37.402506+00:00
--------------------------------------------------------------------------------

Name        : golang-github-google-wire
Product     : Fedora 42
Version     : 0.6.0
Release     : 14.fc42
URL         : https://github.com/google/wire
Summary     : Compile-time Dependency Injection for Go
Description :
Wire is a code generation tool that automates connecting components using
dependency injection. Dependencies between components are represented in Wire
as function parameters, encouraging explicit initialization instead of global
variables. Because Wire operates without runtime state or reflection, code
written to be used with Wire is useful even for hand-written initialization.

--------------------------------------------------------------------------------
Update Information:

Rebuilt for CVE-2025-47906

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 23 2025 W. Michael Petullo - 0.6.0-14
- Rebuilt for CVE-2025-47906

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2399416 - CVE-2025-47906 golang-github-google-wire: Unexpected paths returned from LookPath in os/exec [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399416

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f8e5522ee0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-ea8f4e232d
2022-07-30 01:52:05.591840
--------------------------------------------------------------------------------

Name        : golang-github-google-wire
Product     : Fedora 36
Version     : 0.5.0
Release     : 4.fc36
URL         : https://github.com/google/wire
Summary     : Compile-time Dependency Injection for Go
Description :
Wire is a code generation tool that automates connecting components using
dependency injection. Dependencies between components are represented in Wire
as function parameters, encouraging explicit initialization instead of global
variables. Because Wire operates without runtime state or reflection, code
written to be used with Wire is useful even for hand-written initialization.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for
more information about the specific vulnerabilities.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 0.5.0-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------