Explore top 10 tips to secure your open-source projects now. Read More
×cifs-utils could be made to run programs as an administrator.. ========================================================================== Ubuntu Security Notice USN-8496-3 July 13, 2026 cifs-utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: cifs-utils could be made to run programs as an administrator. Software Description: - cifs-utils: Common Internet File System utilities Details: USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS cifs-utils 2:7.4-1ubuntu0.26.04.3 Ubuntu 24.04 LTS cifs-utils 2:7.0-2ubuntu0.5 Ubuntu 22.04 LTS cifs-utils 2:6.14-1ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8496-3 https://ubuntu.com/security/notices/USN-8496-2 https://ubuntu.com/security/notices/USN-8496-1 CVE-2026-12505 Package Information: https://launchpad.net/ubuntu/+source/cifs-utils/2:7.4-1ubuntu0.26.04.3 https://launchpad.net/ubuntu/+source/cifs-utils/2:7.0-2ubuntu0.5 https://launchpad.net/ubuntu/+source/cifs-utils/2:6.14-1ubuntu0.6 . A critical security advisory for Ubuntu addresses a cifs-utils issue allowing privilege escalation. Update now!. Ubuntu security,cifs-utils vulnerabilities,privilege escalation,system update. . Severity: Critical. LinuxSecurity.com Team
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 150.0.7871.114-1~deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6387-1
An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:22431-1 Release Date: 2026-06-29T09:26:08Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 059+suse.609.g1a2492e: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-772=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * dracut-fips-059+suse.609.g1a2492e-1.1 * dracut-debugsource-059+suse.609.g1a2492e-1.1 * dracut-059+suse.609.g1a2492e-1.1 * dracut-debuginfo-059+suse.609.g1a2492e-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . This update for SUSE fixes a critical execution issue in dracut due to DHCP command injection. Install the patch promptly.. SUSE Linux Micro, dracut security, DHCP command injection, security update, execution risk. . Severity: Important.LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:22273-1 Release Date: 2026-06-24T21:38:59Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 059+suse.722.gdd9d67ff5: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1067=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-fips-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-debugsource-059+suse.722.gdd9d67ff5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . A crucial update for dracut addresses an important security flaw involving code execution via DHCP options command injection.. SUSE Dracut Security Update, Important Patch for Dracut, Linux Micro Security Fix. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26297 http://linux.oracle.com/errata/ELSA-2026-26297.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: hplip-3.21.2-6.el9_8.4.x86_64.rpm hplip-common-3.21.2-6.el9_8.4.i686.rpm hplip-common-3.21.2-6.el9_8.4.x86_64.rpm hplip-libs-3.21.2-6.el9_8.4.i686.rpm hplip-libs-3.21.2-6.el9_8.4.x86_64.rpm libsane-hpaio-3.21.2-6.el9_8.4.i686.rpm libsane-hpaio-3.21.2-6.el9_8.4.x86_64.rpm aarch64: hplip-3.21.2-6.el9_8.4.aarch64.rpm hplip-common-3.21.2-6.el9_8.4.aarch64.rpm hplip-libs-3.21.2-6.el9_8.4.aarch64.rpm libsane-hpaio-3.21.2-6.el9_8.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/hplip-3.21.2-6.el9_8.4.src.rpm Related CVEs: CVE-2026-8631 CVE-2026-8632 Description of changes: [3.21.2-6.4] - Fix more leaks in hpcups [3.21.2-6.3] - OSH fixes after CVE-2026-8631 [3.21.2-6.2] - CVE-2026-8631 hplip: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups [3.21.2-6.1] - CVE-2026-8632 hplip: Privilege escalation and arbitrary code execution via OS command injection in Is_Process_Running() _______________________________________________ El-errata mailing list
A flaw was discovered in libhttp-daemon-perl, a simple http server class for Perl, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted input. For Debian 11 bullseye, this problem has been fixed in version 6.12-1+deb11u2.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4639-1
A flaw was discovered in libconfig-inifiles-perl, a Perl module to read .ini-style configuration files, which may result in the execution of arbitrary shell commands or file overwrite when processing specially crafted file names. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4637-1
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.12.0esr-1~deb11u1. For Debian 12 bookworm, these problems have been fixed in version. Debian LTS Advisory DLA-4636-1
Get the latest Linux and open source security news straight to your inbox.