Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 119 articles for you...
89

Fedora 43 python-django5 Low Threat Data Exposure Fixes 2026-f140cb16b6

Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f140cb16b6 2026-06-15 01:10:25.755889+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 43 Version : 5.2.15 Release : 1.fc43 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache- Control directives CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Michel Lind - 5.2.15-1 - Update to version 5.2.15; Resolves RHBZ#2484354 - Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization - CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header * Fri Jun 5 2026 Python Maint - 5.2.14-3 - Rebuilt for Python 3.15 * Thu Jun 4 2026 Python Maint - 5.2.14-2 - Bootstrap for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484354 - python-django5-5.2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484354 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f140cb16b6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 patch resolves low-severity issues in python-django5, enhancing security and data protection.. Fedora 43, python-django5, low severity fixes, data exposure. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jun 14, 2026 Low Fedora
87

Debian libgcrypt Denial of Service Security Advisory DSA-6294-1

It was discovered that an incorrect implementation of ECDH encryption (with NIST, Brainpool, X448, or X25519 curves) within Libgcrypt could result in denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 1.10.1-3+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6294-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgcrypt20 CVE ID : CVE-2026-41989 It was discovered that an incorrect implementation of ECDH encryption (with NIST, Brainpool, X448, or X25519 curves) within Libgcrypt could result in denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 1.10.1-3+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.11.0-7+deb13u1. We recommend that you upgrade your libgcrypt20 packages. For the detailed security status of libgcrypt20 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libgcrypt20 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . An advisory for Debian DSA-6294-1 regarding a denial of service issue with Libgcrypt ECDH encryption implementation.. Debian advisory, libgcrypt security, ECDH encryption, denial of service, security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 22, 2026 Important Debian
89

Fedora 42 OpenSSL Critical Update Validate RSA Encryption 2026-7af660d639

Validate RSA_public_encrypt() result in RSASVE. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7af660d639 2026-05-08 01:24:13.569769+00:00 -------------------------------------------------------------------------------- Name : openssl Product : Fedora 42 Version : 3.2.6 Release : 4.fc42 URL : http://www.openssl.org/ Summary : Utilities from the general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. -------------------------------------------------------------------------------- Update Information: Validate RSA_public_encrypt() result in RSASVE -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 20 2026 Pavol \u017d\u010dik - 1:3.2.6-4 - Validate RSA_public_encrypt() result in RSASVE Resolves: CVE-2026-31790 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7af660d639' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . OpenSSL update for Fedora 42 addresses critical security issue related to RSA encryption validation.. OpenSSL security, Fedora updates, RSA encryption, critical security risks, encryption flaws. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 08, 2026 Critical Fedora
89

Fedora 44 Plasma Vault Update 2026-fe3d8d4767 Security Advisory

Frameworks 6.25.0 + KDE Plasma 6.6.4. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fe3d8d4767 2026-04-16 23:40:54.273526+00:00 -------------------------------------------------------------------------------- Name : plasma-vault Product : Fedora 44 Version : 6.6.4 Release : 1.fc44 URL : https://invent.kde.org/plasma/plasma-vault Summary : Plasma Vault offers strong encryption features in a user-friendly way Description : Plasma Vault allows to lock and encrypt sets of documents and hide them from prying eyes even when the user is logged in. -------------------------------------------------------------------------------- Update Information: Frameworks 6.25.0 + KDE Plasma 6.6.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2026 Steve Cossette - 6.6.4-1 - 6.6.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2455469 - Configuring WifI network via Network pane appears to not work https://bugzilla.redhat.com/show_bug.cgi?id=2455469 [ 2 ] Bug #2457573 - FE: KDE Frameworks 6.25.0 + Plasma 6.6.4 https://bugzilla.redhat.com/show_bug.cgi?id=2457573 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fe3d8d4767' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Enhance document security with plasma-vault update on Fedora 44, featuring strong encryption and user-friendly access.. plasma vault, fedora 44, KDE Plasma, encryption, security update. . Severity: Informational. LinuxSecurity.com Team

Calendar%202 Apr 16, 2026 Informational Fedora
197

Debian: HTTPS Everywhere Critical Malware Risk Advisory DLA-4331-1

The Firefox extension HTTPS Everywhere used to enforce encryption over HTTPS in major web browsers, a feature which has become obsolete because a HTTPS-only mode is built-in nowadays. Consequently HTTPS Everywhere has been removed from Debian in 2023. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4331-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany October 14, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : https-everywhere Version : 2025.10.14-0+deb11u1 Debian Bug : 1118030 1118045 The Firefox extension HTTPS Everywhere used to enforce encryption over HTTPS in major web browsers, a feature which has become obsolete because a HTTPS-only mode is built-in nowadays. Consequently HTTPS Everywhere has been removed from Debian in 2023. The extension requires up-to-date https rules which are obtained from the domain https-rulesets.org. This domain is no longer controlled by the original upstream developers and registered by a third party now. Requests are redirected to a known malware site. This poses a severe risk for users of HTTPS Everywhere. As a first step to remedy this problem, version 2025.10.14-0+deb11u1 will completely remove all files associated with HTTPS Everywhere and only install a README file to raise the awareness for this security problem. The Debian packages parl-desktop and progress-linux-desktop will no longer depend on webext-https-everywhere. The source package https-everywhere and the binary package webext-https- everywhere will be removed from Debian in a subsequent step. We recommend to avoid using HTTPS Everywhere and to use web browsers, e.g. Firefox, which support HTTPS only instead. For more information, please refer to Debian bugs #1118030 and #1118045. For Debian 11 bullseye, this problem has been fixed inversion 2025.10.14-0+deb11u1. We recommend that you upgrade your https-everywhere packages. For the detailed security status of https-everywhere please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/https-everywhere Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . HTTPS Everywhere was removed from Debian due to security risks. Upgrade your system to enhance protection.. Debian, HTTPS Everywhere, security risks, encryption, critical updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 14, 2025 Critical Debian LTS
89

Fedora 42: krb5 2025-3de9fe91ff critical: message spoofing risk

Disallowing use of the arcfour-hmac(-md5) encryption type for session keys Add support for the PKINIT paChecksum2 sequence, required for Active Directory interoperability on Windows Server 2025 Fix generation of RADIUS Message-Authenticator in FIPS mode. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3de9fe91ff 2025-06-09 02:34:27.502391+00:00 -------------------------------------------------------------------------------- Name : krb5 Product : Fedora 42 Version : 1.21.3 Release : 6.fc42 URL : https://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. -------------------------------------------------------------------------------- Update Information: Disallowing use of the arcfour-hmac(-md5) encryption type for session keys Add support for the PKINIT paChecksum2 sequence, required for Active Directory interoperability on Windows Server 2025 Fix generation of RADIUS Message-Authenticator in FIPS mode -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2025 Julien Rische - 1.21.3-6 - Do not block HMAC-MD4/5 in FIPS mode Resolves: rhbz#2370259 - PKINIT: implement paChecksum2 from MS-PKCA v20230920 Resolves: rhbz#2357215 - Disallow RC4 HMAC-MD5 session keys by default (CVE-2025-3576) Resolves: rhbz#2359705 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2357215 - PKINIT: implement paChecksum2 from MS-PKCA v20230920 [fedora] https://bugzilla.redhat.com/show_bug.cgi?id=2357215 [ 2 ] Bug #2359705 - CVE-2025-3576 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5Collisions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2359705 [ 3 ] Bug #2370259 - Do not block HMAC-MD4/5 in FIPS mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2370259 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3de9fe91ff' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 42 brings improvements to krb5, boosting both Kerberos authentication security and its interoperability with Windows Server.. krb5 security update, Fedora security advisory, encryption updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 09, 2025 Critical Fedora
202

openSUSE 15.4/15.6: 2025:01816-1 important: libcryptopp key leak

An update that solves one vulnerability can now be installed.. # Security update for libcryptopp Announcement ID: SUSE-SU-2025:01816-1 Release Date: 2025-06-04T17:04:07Z Rating: important References: * bsc#1224280 Cross-References: * CVE-2024-28285 CVSS scores: * CVE-2024-28285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libcryptopp fixes the following issues: * CVE-2024-28285: Fixed potential leak of secret key of ElGamal encryption via fault injection (bsc#1224280) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1816=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1816=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1816=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-1816=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1816=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1816=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1816=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1816=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1816=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1816=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1816=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1816=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1816=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-1816=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1816=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 *libcryptopp-debugsource-8.6.0-150400.3.9.1 * openSUSE Leap 15.4 (x86_64) * libcryptopp8_6_0-32bit-8.6.0-150400.3.9.1 * libcryptopp8_6_0-32bit-debuginfo-8.6.0-150400.3.9.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcryptopp8_6_0-64bit-8.6.0-150400.3.9.1 * libcryptopp8_6_0-64bit-debuginfo-8.6.0-150400.3.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * openSUSE Leap 15.6 (x86_64) * libcryptopp8_6_0-32bit-8.6.0-150400.3.9.1 * libcryptopp8_6_0-32bit-debuginfo-8.6.0-150400.3.9.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise HighPerformance Computing LTSS 15 SP5 (aarch64 x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Manager Proxy 4.3 (x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libcryptopp8_6_0-debuginfo-8.6.0-150400.3.9.1 * libcryptopp-devel-8.6.0-150400.3.9.1 * libcryptopp8_6_0-8.6.0-150400.3.9.1 * libcryptopp-debugsource-8.6.0-150400.3.9.1 ## References: *https://www.suse.com/security/cve/CVE-2024-28285.html * https://bugzilla.suse.com/show_bug.cgi?id=1224280 . Canonical has released an urgent security update for the libssl package to fix a potential data disclosure flaw caused by side-channel attacks. Critical fix ready for deployment.. Linux Security, Cybersecurity, Open Source Software, Encryption Issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 04, 2025 Important OpenSUSE
89

Fedora 42 OpenVPN 2.6.14 Update: CVE-2025-2704 Security Advisory

Update to upstream OpenVPN 2.6.14 Fixes CVE-2025-2704. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e439589b9d 2025-04-11 18:19:12.062451+00:00 -------------------------------------------------------------------------------- Name : openvpn Product : Fedora 42 Version : 2.6.14 Release : 1.fc42 URL : Summary : A full-featured TLS VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. -------------------------------------------------------------------------------- Update Information: Update to upstream OpenVPN 2.6.14 Fixes CVE-2025-2704 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2025 Frank Lichtenheld - 2.6.14-1 - Update to upstream OpenVPN 2.6.14 - Fixes CVE-2025-2704 * Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 2.6.13-2 - Add sysusers.d config file to allow rpm to create users/groups automatically -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e439589b9d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . OpenVPN 2.6.14 on Fedora 42 resolves a critical vulnerability identified as CVE-2025-2704 and introduces upgraded security capabilities.. Fedora OpenVPN 2.6.14security advisory CVE-2025-2704. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 11, 2025 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200