Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 144 articles for you...
172

Ubuntu 26.04 LTS cifs-utils Critical Remote Code Execution USN-8496-3

cifs-utils could be made to run programs as an administrator.. ========================================================================== Ubuntu Security Notice USN-8496-3 July 13, 2026 cifs-utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: cifs-utils could be made to run programs as an administrator. Software Description: - cifs-utils: Common Internet File System utilities Details: USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS cifs-utils 2:7.4-1ubuntu0.26.04.3 Ubuntu 24.04 LTS cifs-utils 2:7.0-2ubuntu0.5 Ubuntu 22.04 LTS cifs-utils 2:6.14-1ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8496-3 https://ubuntu.com/security/notices/USN-8496-2 https://ubuntu.com/security/notices/USN-8496-1 CVE-2026-12505 Package Information: https://launchpad.net/ubuntu/+source/cifs-utils/2:7.4-1ubuntu0.26.04.3 https://launchpad.net/ubuntu/+source/cifs-utils/2:7.0-2ubuntu0.5 https://launchpad.net/ubuntu/+source/cifs-utils/2:6.14-1ubuntu0.6 . A critical security advisory for Ubuntu addresses a cifs-utils issue allowing privilege escalation. Update now!. Ubuntu security,cifs-utils vulnerabilities,privilege escalation,system update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Critical Ubuntu
87

Debian Chromium Critical Code Exec Info Disclosure DSA-6387-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 150.0.7871.114-1~deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6387-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Andres Salomon July 11, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2026-15107 CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 CVE-2026-15122 CVE-2026-15123 CVE-2026-15124 CVE-2026-15125 CVE-2026-15126 CVE-2026-15127 CVE-2026-15128 CVE-2026-15129 CVE-2026-15130 CVE-2026-15131 CVE-2026-15132 CVE-2026-15133 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 150.0.7871.114-1~deb13u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Explore critical security issues in Chromium for Debian trixie, addressing code execution and info disclosure risks.. Debian security advisory, chromium securityupdates, Debian vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 11, 2026 Critical Debian
100

SUSE Linux Micro 6.0 Dracut Important Command Injection CVE-2026-6893

An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:22431-1 Release Date: 2026-06-29T09:26:08Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 059+suse.609.g1a2492e: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-772=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * dracut-fips-059+suse.609.g1a2492e-1.1 * dracut-debugsource-059+suse.609.g1a2492e-1.1 * dracut-059+suse.609.g1a2492e-1.1 * dracut-debuginfo-059+suse.609.g1a2492e-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . This update for SUSE fixes a critical execution issue in dracut due to DHCP command injection. Install the patch promptly.. SUSE Linux Micro, dracut security, DHCP command injection, security update, execution risk. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important SuSE
100

SUSE Linux Micro 6.2 dracut Important Code Injection Vuln 2026-22273-1

An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:22273-1 Release Date: 2026-06-24T21:38:59Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 059+suse.722.gdd9d67ff5: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1067=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-fips-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-debugsource-059+suse.722.gdd9d67ff5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . A crucial update for dracut addresses an important security flaw involving code execution via DHCP options command injection.. SUSE Dracut Security Update, Important Patch for Dracut, Linux Micro Security Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 29, 2026 Important SuSE
217

Oracle Linux 9 hplip Important Code Execution Threat ELSA-2026-26297

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26297 http://linux.oracle.com/errata/ELSA-2026-26297.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: hplip-3.21.2-6.el9_8.4.x86_64.rpm hplip-common-3.21.2-6.el9_8.4.i686.rpm hplip-common-3.21.2-6.el9_8.4.x86_64.rpm hplip-libs-3.21.2-6.el9_8.4.i686.rpm hplip-libs-3.21.2-6.el9_8.4.x86_64.rpm libsane-hpaio-3.21.2-6.el9_8.4.i686.rpm libsane-hpaio-3.21.2-6.el9_8.4.x86_64.rpm aarch64: hplip-3.21.2-6.el9_8.4.aarch64.rpm hplip-common-3.21.2-6.el9_8.4.aarch64.rpm hplip-libs-3.21.2-6.el9_8.4.aarch64.rpm libsane-hpaio-3.21.2-6.el9_8.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/hplip-3.21.2-6.el9_8.4.src.rpm Related CVEs: CVE-2026-8631 CVE-2026-8632 Description of changes: [3.21.2-6.4] - Fix more leaks in hpcups [3.21.2-6.3] - OSH fixes after CVE-2026-8631 [3.21.2-6.2] - CVE-2026-8631 hplip: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups [3.21.2-6.1] - CVE-2026-8632 hplip: Privilege escalation and arbitrary code execution via OS command injection in Is_Process_Running() _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 hplip advisory fixes critical security issues including code execution vulnerabilities. Get updated RPMs now!. Oracle Linux, hplip, code execution, security fix, privilege escalation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Oracle
197

Debian libhttp-daemon-perl Critical Shell Command Execution DLA-4639-1

A flaw was discovered in libhttp-daemon-perl, a simple http server class for Perl, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted input. For Debian 11 bullseye, this problem has been fixed in version 6.12-1+deb11u2.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4639-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Santiago Ruano Rincón June 21, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : libhttp-daemon-perl Version : 6.12-1+deb11u2 6.16-1+deb13u1~deb12u1 CVE ID : CVE-2026-8450 Debian Bug : 1138050 A flaw was discovered in libhttp-daemon-perl, a simple http server class for Perl, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted input. For Debian 11 bullseye, this problem has been fixed in version 6.12-1+deb11u2. For Debian 12 bookworm, this problem has been fixed in version 6.16-1+deb13u1~deb12u1. We recommend that you upgrade your libhttp-daemon-perl packages. For the detailed security status of libhttp-daemon-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libhttp-daemon-perl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . ------------------------------------------------------------------------- Debian LTS Advisory DLA-46. libhttp-daemon-perl, simple, server, class, which. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 21, 2026 Critical Debian LTS
197

Debian LTS DLA-4637-1 libconfig-inifiles-perl Critical Arbitrary Exec

A flaw was discovered in libconfig-inifiles-perl, a Perl module to read .ini-style configuration files, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted file names. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4637-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Salvatore Bonaccorso June 19, 2026 https://wiki.debian.org/LTS Package : libconfig-inifiles-perl Version : 3.000003-1+deb11u1 3.000003-2+deb12u1 CVE ID : CVE-2026-11527 A flaw was discovered in libconfig-inifiles-perl, a Perl module to read .ini-style configuration files, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted file names. For Debian 11 bullseye, this problem has been fixed in version 3.000003-1+deb11u1. For Debian 12 bookworm, this problem has been fixed in version 3.000003-2+deb12u1. We recommend that you upgrade your libconfig-inifiles-perl packages. For the detailed security status of libconfig-inifiles-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libconfig-inifiles-perl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Address critical flaw in libconfig-inifiles-perl that allows command execution and file overwrites in Debian LTS systems.. libconfig-inifiles-perl update, Debian security, shell command execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Critical Debian LTS
197

Debian LTS Thunderbird Critical Code Execution Advisory DLA-4636-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.12.0esr-1~deb11u1. For Debian 12 bookworm, these problems have been fixed in version. Debian LTS Advisory DLA-4636-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 19, 2026 https://wiki.debian.org/LTS Package : thunderbird Version : 1:140.12.0esr-1~deb11u1 1:140.12.0esr-1~deb12u1 CVE ID : CVE-2026-12289 CVE-2026-12290 CVE-2026-12291 CVE-2026-12292 CVE-2026-12294 CVE-2026-12295 CVE-2026-12296 CVE-2026-12297 CVE-2026-12298 CVE-2026-12299 CVE-2026-12302 CVE-2026-12304 CVE-2026-12305 CVE-2026-12306 CVE-2026-12307 CVE-2026-12308 CVE-2026-12309 CVE-2026-12310 CVE-2026-12311 CVE-2026-12312 CVE-2026-12313 CVE-2026-12314 CVE-2026-12315 CVE-2026-12324 CVE-2026-12325 CVE-2026-12327 CVE-2026-12328 CVE-2026-12329 CVE-2026-12330 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.12.0esr-1~deb11u1. For Debian 12 bookworm, these problems have been fixed in version 1:140.12.0esr-1~deb12u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple security updates for Thunderbird in Debian LTS prevent execution of arbitrary code, enhancing system integrity.. Debian LTS security updates, Thunderbird security patch, arbitrary codeexecution fix, Debian package updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200