Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 73 articles for you...
219

Rocky Linux emacs Moderate Command Execution Vulnerabilities RLSA-2023-7083

Moderate: emacs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:7083", "synopsis": "Moderate: emacs security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for emacs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: command execution via shell metacharacters (CVE-2022-48337)\n\n* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2171987", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2171987", "description": ""}, {"ticket": "2171989", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2171989", "description": ""}], "cves": [{"name": "CVE-2022-48337", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48337", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.3", "cwe": "CWE-77"}, {"name": "CVE-2022-48339", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48339", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-77"}], "references": [], "publishedAt": "2026-06-25T12:00:44.845974Z", "rpms": {"RockyLinux 8": {"nvras": ["emacs-1:26.1-11.el8.aarch64.rpm", "emacs-1:26.1-11.el8.src.rpm", "emacs-1:26.1-11.el8.x86_64.rpm", "emacs-common-1:26.1-11.el8.aarch64.rpm", "emacs-common-1:26.1-11.el8.x86_64.rpm", "emacs-common-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-debugsource-1:26.1-11.el8.aarch64.rpm", "emacs-filesystem-1:26.1-11.el8.noarch.rpm", "emacs-lucid-1:26.1-11.el8.aarch64.rpm", "emacs-lucid-1:26.1-11.el8.x86_64.rpm", "emacs-lucid-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-nox-1:26.1-11.el8.aarch64.rpm", "emacs-nox-1:26.1-11.el8.x86_64.rpm", "emacs-nox-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-terminal-1:26.1-11.el8.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the critical security updates for emacs on Rocky Linux affecting command execution and injection vulnerabilities.. Rocky Linux emacs update, command injection vulnerability, command execution fix. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 moderate Rocky Linux
203

Mageia 9 Emacs Critical Memory Corruption Vulnern CVE-2026-6861

Security update. Publication date: 16 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0213.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-6861 Description: Memory corruption vulnerability when processing svg css. (CVE-2026-6861) References: - https://bugs.mageia.org/show_bug.cgi?id=35444 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/FVUC2CPLVVKZQ7WKCK25ML7H6WGQDCO7/ - https://bugzilla.redhat.com/show_bug.cgi?id=2459992 - https://debbugs.gnu.org/80851 - https://www.cve.org/CVERecord?id=CVE-2026-6861 SRPMS: - 9/core/emacs-29.4-1.4.mga9 . Critical security update for Mageia addressing a memory corruption issue in emacs, impacting release 9.. Mageia security update, emacs memory issue, CVE-2026-6861 advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 16, 2026 Critical Mageia
202

openSUSE Leap 16.0 Emacs Moderate Memory Corruption CVE-2026-6861 20759-1

An update that solves one vulnerability and has 2 bug fixes can now be installed.. openSUSE security update: security update for emacs ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20759-1 Rating: moderate References: * bsc#1262007 * bsc#1262611 Cross-References: * CVE-2026-6861 CVSS scores: * CVE-2026-6861 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2026-6861 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has 2 bug fixes can now be installed. Description: This update for emacs fixes the following issue: - CVE-2026-6861: memory corruption when processing specially crafted SVG CSS data (bsc#1262611). - Build with tree-sitter-0.26.8 security update (bsc#1262007). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-755=1 Package List: - openSUSE Leap 16.0: emacs-30.2-160000.2.1 emacs-el-30.2-160000.2.1 emacs-eln-30.2-160000.2.1 emacs-games-30.2-160000.2.1 emacs-info-30.2-160000.2.1 emacs-nox-30.2-160000.2.1 emacs-x11-30.2-160000.2.1 etags-30.2-160000.2.1 References: * https://www.suse.com/security/cve/CVE-2026-6861.html . Critical memory corruption in Emacs resolved with moderate update ensuring system stability on openSUSE Leap 16.0.. Emacs Security Update, openSUSE Leap, Memory Corruption Fix, Software Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 19, 2026 Important OpenSUSE
89

Fedora 44 Emacs Important Memory Corruption CVE-2026-6861 Advisory

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-49b8ca7981 2026-05-01 03:11:02.715739+00:00 -------------------------------------------------------------------------------- Name : emacs Product : Fedora 44 Version : 30.2 Release : 23.fc44 URL : https://www.gnu.org/software/emacs/ Summary : GNU Emacs text editor Description : GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Peter Oliver - 1:30.2-23 - Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. * Tue Mar 31 2026 Peter Oliver - 1:30.2-22 - Fix bad backport of Tree-sitter 0.26 compatibility patch. * Mon Mar 30 2026 Andreas Schneider - 1:30.2-21 - Rebuild against tree-sitter-0.26.7-2.fc45 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460586 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460586 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-49b8ca7981' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fix for Emacs in Fedora 44 addressing memory corruption due to SVG CSS vulnerabilities before they can be exploited.. Fedora updates, Emacs vulnerability, memory corruption, software security, software patching. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 01, 2026 Important Fedora
89

Fedora 43 emacs Important Memory Corruption Fix CVE-2026-6861

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-290753da75 2026-05-01 03:01:50.286544+00:00 -------------------------------------------------------------------------------- Name : emacs Product : Fedora 43 Version : 30.2 Release : 7.fc43 URL : https://www.gnu.org/software/emacs/ Summary : GNU Emacs text editor Description : GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Peter Oliver - 1:30.2-7 - Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460585 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2460585 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-290753da75' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Patch for memory corruption issue in Emacs on Fedora 43. Update to enhance application security against CVE-2026-6861.. Emacs Update CVE-2026-6861 Fedora Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 01, 2026 Important Fedora
89

Fedora 42 Emacs Important Memory Corruption Fix CVE-2026-6861 Advisory

Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-52dad6273a 2026-05-01 01:22:47.586700+00:00 -------------------------------------------------------------------------------- Name : emacs Product : Fedora 42 Version : 30.2 Release : 2.fc42 URL : https://www.gnu.org/software/emacs/ Summary : GNU Emacs text editor Description : GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using the GTK toolkit. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Peter Oliver - 1:30.2-2 - Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460584 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2460584 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-52dad6273a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fix critical memory corruption issue in Emacs processing SVG CSS on Fedora 42 with this latest advisory update.. Fedora 42, Emacs, Memory Corruption, Update Advisory, SVG CSS. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 01, 2026 Important Fedora
202

openSUSE Tumbleweed emacs-30.2 Moderate Level Threat CVE-2026-6861

An update that solves one vulnerability can now be installed.. # emacs-30.2-8.1 on GA media Announcement ID: openSUSE-SU-2026:10619-1 Rating: moderate Cross-References: * CVE-2026-6861 CVSS scores: * CVE-2026-6861 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2026-6861 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the emacs-30.2-8.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * emacs 30.2-8.1 * emacs-el 30.2-8.1 * emacs-eln 30.2-8.1 * emacs-games 30.2-8.1 * emacs-info 30.2-8.1 * emacs-nox 30.2-8.1 * emacs-x11 30.2-8.1 * etags 30.2-8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6861.html . An update for emacs-30.2-8.1 on openSUSE addressing moderate severity issue CVE-2026-6861.. openSUSE update emacs security. . LinuxSecurity.com Team

Calendar%202 Apr 27, 2026 OpenSUSE
172

Ubuntu 24.04 LTS Emacs Moderately Unsafe Code Execution Flaw USN-8011-1

Several security issues were fixed in Emacs.. ========================================================================== Ubuntu Security Notice USN-8011-1 February 04, 2026 emacs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Emacs. Software Description: - emacs: An extensible, customizable, free/libre text editor \u2014 and more. Details: It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-53920) It was discovered that Emacs did not properly sanitize input when handling certain URI schemes. An attacker could possibly use this issue to execute arbitrary shell commands by tricking a user into opening a specially crafted URL. (CVE-2025-1244) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS emacs 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-bin-common 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-common 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-el 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-gtk 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-lucid 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-nox 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-pgtk 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS emacs 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-bin-common 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-common 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-el 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-gtk 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-lucid 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-nox 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS emacs 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-bin-common 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-common 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-el 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-gtk 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-lucid 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-nox 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8011-1 CVE-2024-53920, CVE-2025-1244 . Multiple security issues were resolved in Emacs, affecting several Ubuntu distributions with potentialarbitrary code execution risks.. Emacs security, arbitrary code execution, Ubuntu updates, Emacs vulnerabilities, Ubuntu security fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 04, 2026 Important Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200