Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
202

openSUSE Python-Pillow Important Memory Allocation Issues Vuln 2026-2875-1

An update that solves four vulnerabilities can now be installed.. # Security update for python-Pillow Announcement ID: SUSE-SU-2026:2875-1 Release Date: 2026-07-13T09:12:44Z Rating: important References: * bsc#1270409 * bsc#1270410 * bsc#1270411 * bsc#1270412 Cross-References: * CVE-2026-54059 * CVE-2026-54060 * CVE-2026-55379 * CVE-2026-55380 CVSS scores: * CVE-2026-54059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54060 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55380 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for python-Pillow fixes the following issues * CVE-2026-54059: crafted PCF font data can cause excessive memory allocation (bsc#1270409). * CVE-2026-54060: a font can trigger excessive allocation during conversion or saving (bsc#1270410). * CVE-2026-55379: bypass of decompression bomb protection, allowing excessive memory allocation (bsc#1270411). * CVE-2026-55380: crafted .gd file can trigger excessive C-heap allocation when loaded (bsc#1270412). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the commandlisted for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2875=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-2875=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-debuginfo-7.2.0-150300.3.27.1 * python-Pillow-debugsource-7.2.0-150300.3.27.1 * python3-Pillow-7.2.0-150300.3.27.1 * openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64) * python-Pillow-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-debuginfo-7.2.0-150300.3.27.1 * python3-Pillow-7.2.0-150300.3.27.1 * python3-Pillow-tk-7.2.0-150300.3.27.1 * python-Pillow-debugsource-7.2.0-150300.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2026-54059.html * https://www.suse.com/security/cve/CVE-2026-54060.html * https://www.suse.com/security/cve/CVE-2026-55379.html * https://www.suse.com/security/cve/CVE-2026-55380.html * https://bugzilla.suse.com/show_bug.cgi?id=1270409 * https://bugzilla.suse.com/show_bug.cgi?id=1270410 * https://bugzilla.suse.com/show_bug.cgi?id=1270411 * https://bugzilla.suse.com/show_bug.cgi?id=1270412 . # Security update for python-Pillow Announcement ID: SUSE-SU-2026:2875-1 Release Date: 2026-07-13T09. update, solves, vulnerabilities, installed, security, python-pillow. . LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 OpenSUSE
202

openSUSE python-Pillow Important Memory Allocation Risk Vuln 2026-21296-1

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.. openSUSE security update: security update for python-pillow ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21296-1 Rating: important References: * bsc#1270404 * bsc#1270409 * bsc#1270410 * bsc#1270411 * bsc#1270412 Cross-References: * CVE-2026-42311 * CVE-2026-54059 * CVE-2026-54060 * CVE-2026-55379 * CVE-2026-55380 CVSS scores: * CVE-2026-42311 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-42311 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-54059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-54060 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-55380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed. Description: This update for python-Pillow fixes the following issues - CVE-2026-42311: malicious PSD file processing can lead to arbitrary code execution (bsc#1270404). - CVE-2026-54059: crafted PCF font data can cause excessive memory allocation (bsc#1270409). - CVE-2026-54060: fonts can trigger excessive memory allocation during conversion or saving (bsc#1270410). - CVE-2026-55379: bypass of decompression bomb protection allows excessive memory allocation (bsc#1270411). - CVE-2026-55380: crafted `.gd` file can trigger excessive C-heap allocation when loaded (bsc#1270412). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1207=1 Package List: - openSUSE Leap 16.0: python313-Pillow-11.3.0-160000.6.1 python313-Pillow-tk-11.3.0-160000.6.1 References: * https://www.suse.com/security/cve/CVE-2026-42311.html * https://www.suse.com/security/cve/CVE-2026-54059.html * https://www.suse.com/security/cve/CVE-2026-54060.html * https://www.suse.com/security/cve/CVE-2026-55379.html * https://www.suse.com/security/cve/CVE-2026-55380.html . An important update for openSUSE addresses various security issues in python-Pillow, recommending immediate patch installation.. python-Pillow security, openSUSE update, code execution risk, memory allocation flaw. . LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200