Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 61 articles for you...
172

Ubuntu 24.04 LTS age Important Execution Flaw USN-8372-1 CVE-2024-56327

age could be made to crash or run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-8372-1 June 02, 2026 age vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: age could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - age: A simple, modern and secure file encryption tool, format, and Go library. Details: It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplying a crafted recipient or identity string. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS age 1.1.1-1ubuntu0.24.04.3+esm1 Available with Ubuntu Pro golang-filippo-age-dev 1.1.1-1ubuntu0.24.04.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8372-1 CVE-2024-56327 . Ubuntu 24.04 LTS addresses an important age security flaw allowing program crashes and arbitrary code execution.. Ubuntu Security Notice, age application, security patch, arbitrary code execution, vulnerability alert. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 02, 2026 Important Ubuntu
197

Debian 11 Thunderbird Security Fix DLA-4594-1 Multiple Code Execution

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.11.0esr-1~deb11u1. We recommend that you upgrade your thunderbird packages.. Debian LTS Advisory DLA-4594-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 22, 2026 https://wiki.debian.org/LTS Package : thunderbird Version : 1:140.11.0esr-1~deb11u1 CVE ID : CVE-2026-8388 CVE-2026-8391 CVE-2026-8401 CVE-2026-8946 CVE-2026-8947 CVE-2026-8950 CVE-2026-8953 CVE-2026-8954 CVE-2026-8955 CVE-2026-8956 CVE-2026-8957 CVE-2026-8958 CVE-2026-8961 CVE-2026-8962 CVE-2026-8968 CVE-2026-8970 CVE-2026-8974 CVE-2026-8975 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.11.0esr-1~deb11u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade Thunderbird in Debian 11 bullseye to fix multiple security issues and avoid code execution risks.. Debian package security, thunderbird update, arbitrary code execution, software patch, Debian security advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 22, 2026 Critical Debian LTS
197

Debian 11 DLA-4526-1 Firefox-esr Critical Exec Code Threat

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 140.9.1esr-1~deb11u1.. Debian LTS Advisory DLA-4526-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 11, 2026 https://wiki.debian.org/LTS Package : firefox-esr Version : 140.9.1esr-1~deb11u1 CVE ID : CVE-2026-5731 CVE-2026-5732 CVE-2026-5734 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 140.9.1esr-1~deb11u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/firefox-esr Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Critical security issues in Firefox-esr for Debian 11 addressed in advisory DLA-4526-1. Upgrade now to protect your system.. firefox-esr security update, Debian LTS advisory, code execution risk, system security patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 11, 2026 Critical Debian LTS
197

Debian 11 Thunderbird Critical Code Execution Info Disclosure DLA-4495-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 1:140.8.0esr-1~deb11u1. We recommend that you upgrade your thunderbird packages.. Debian LTS Advisory DLA-4495-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 28, 2026 https://wiki.debian.org/LTS Package : thunderbird Version : 1:140.8.0esr-1~deb11u1 CVE ID : CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772 CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792 CVE-2026-2793 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 1:140.8.0esr-1~deb11u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple security issues in Thunderbird lead to code execution or info disclosure. Upgrade recommended for Debian 11.. Debian LTS, Thunderbird security, code execution, info disclosure. .Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 28, 2026 Critical Debian LTS
87

Debian: Valkey DSA-6022-1 Critical Execution and DoS Risk

Multiple security issues were discovered in the Lua scripting interface of Valkey, a persistent key-value database, which could result in the execution of arbitrary code or denial of service. For the stable distribution (trixie), these problems have been fixed in version 8.1.1+dfsg1-3+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6022-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff October 09, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : valkey CVE ID : CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844 Multiple security issues were discovered in the Lua scripting interface of Valkey, a persistent key-value database, which could result in the execution of arbitrary code or denial of service. For the stable distribution (trixie), these problems have been fixed in version 8.1.1+dfsg1-3+deb13u1. We recommend that you upgrade your valkey packages. For the detailed security status of valkey please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/valkey Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Discover the critical security issues in Valkey that permit arbitrary code execution and denial of service on Debian.. Debian Security, Valkey Update, Code Execution Risk, Denial of Service, Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 09, 2025 Critical Debian
202

openSUSE: Trivy Important Execution Fix CVE-2025-53547 Advisory 2025:0303-1

An update that fixes three vulnerabilities is now available. . openSUSE Security Update: Security update for trivy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0303-1 Rating: important References: #1232948 #1235265 #1246151 Cross-References: CVE-2024-45338 CVE-2024-51744 CVE-2025-53547 CVSS scores: CVE-2024-45338 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-51744 (SUSE): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-53547 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for trivy fixes the following issues: - CVE-2025-53547: Fixed code execution in Helm Chart (boo#1246151) - Update to version 0.64.1: * release: v0.64.1 [release/v0.64] (#9122) * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120) * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119) * release: v0.64.0 [main] (#8955) * docs(python): fix type with METADATA file name (#9090) * feat: reject unsupported artifact types in remote image retrieval (#9052) * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088) * refactor(misconf): rewrite Rego module filtering using functional filters (#9061) * feat(terraform): add partial evaluation for policy templates (#8967) *feat(vuln): add Root.io support for container image scanning (#9073) * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019) * fix(cli): add some values to the telemetry call (#9056) * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077) * refactor: centralize HTTP transport configuration (#9058) * test: include integration tests in linting and fix all issues (#9060) * chore(deps): bump the common group across 1 directory with 26 updates (#9063) * feat(java): dereference all maven settings.xml env placeholders (#9024) * fix(misconf): reduce log noise on incompatible check (#9029) * fix(misconf): .Config.User always takes precedence over USER in .History (#9050) * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037) * docs(misconf): simplify misconfiguration docs (#9030) * fix(misconf): move disabled checks filtering after analyzer scan (#9002) * docs: add PR review policy for maintainers (#9032) * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034) * test: improve and extend tests for iac/adapters/arm (#9028) * chore: bump up Go version to 1.24.4 (#9031) * feat(cli): add version constraints to annoucements (#9023) * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015) * feat(ubuntu): add eol date for 20.04-ESM (#8981) * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549) * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998) * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983) * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003) * feat(misconf): add OpenTofu file extension support (#8747) * refactor(misconf): set Trivy version by default in Rego scanner (#9001) * docs: fix assets with versioning(#8996) * docs: add partners page (#8988) * chore(alpine): add EOL date for Alpine 3.22 (#8992) * fix: don't show corrupted trivy-db warning for first run (#8991) * Update installation.md (#8979) * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953) * chore(k8s): update comments with deprecated command format (#8964) * chore: fix errors and typos in docs (#8963) * fix: Add missing version check flags (#8951) * feat(redhat): Add EOL date for RHEL 10. (#8910) * fix: Correctly check for semver versions for trivy version check (#8948) * refactor(server): change custom advisory and vulnerability data types fr… (#8923) * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946) * release: v0.63.0 [main] (#8809) * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942) * chore(deps): Bump trivy-checks (#8934) * fix(julia): add `Relationship` field support (#8939) * feat(minimos): Add support for MinimOS (#8792) * feat(alpine): add maintainer field extraction for APK packages (#8930) * feat(echo): Add Echo Support (#8833) * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924) * fix(wolfi): support new APK database location (#8937) * feat(k8s): get components from namespaced resources (#8918) * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927) * refactor(terraform): remove result sorting from scanner (#8928) * feat(misconf): Add support for `Minimum Trivy Version` (#8880) * docs: improve skipping files documentation (#8749) * feat(cli): Add available version checking (#8553) * feat(nodejs): add a bun.lock analyzer (#8897) * feat: terraform parser option to set current working directory (#8909) * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602) * feat(misconf):export raw Terraform data to Rego (#8741) * refactor(terraform): simplify AllReferences method signature in Attribute (#8906) * fix: check post-analyzers for StaticPaths (#8904) * feat: add Bottlerocket OS package analyzer (#8653) * feat(license): improve work text licenses with custom classification (#8888) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901) * chore(deps): bump the common group across 1 directory with 9 updates (#8887) * refactor(license): simplify compound license scanning (#8896) * feat(license): Support compound licenses (licenses using SPDX operators) (#8816) * fix(k8s): use in-memory cache backend during misconfig scanning (#8873) * feat(nodejs): add bun.lock parser (#8851) * feat(license): improve work with custom classification of licenses from config file (#8861) * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886) * fix: julia parser panicing (#8883) * refactor(db): change logic to detect wrong DB (#8864) * fix(cli): don't use allow values for `--compliance` flag (#8881) * docs(misconf): Reorganize misconfiguration scan pages (#8206) * fix(server): add missed Relationship field for `rpc` (#8872) * feat: add JSONC support for comments and trailing commas (#8862) * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858) * feat(go): support license scanning in both GOPATH and vendor (#8843) * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820) * fix: filter all files when processing files installed from package managers (#8842) * feat(misconf): add misconfiguration location to junit template (#8793) * docs(vuln): remove OSV for Python from data sources (#8841) * chore: add an issue template for maintainers (#8838) * chore: enable staticcheck (#8815) * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart0.14.1 (#8836) * feat(license): scan vendor directory for license for go.mod files (#8689) * docs(java): Update info about dev deps in gradle lock (#8830) * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822) * fix(java): exclude dev dependencies in gradle lockfile (#8803) * fix: octalLiteral from go-critic (#8811) * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818) * chore(deps): bump the common group across 1 directory with 10 updates (#8817) * fix: use-any from revive (#8810) * fix: more revive rules (#8814) * docs: change in java.md: fix the Trity -to-> Trivy typo (#8813) * fix(misconf): check if for-each is known when expanding dyn block (#8808) * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802) - Update to version 0.62.1: * release: v0.62.1 [release/v0.62] (#8825) * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831) * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826) * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824) * release: v0.62.0 [main] (#8669) * feat(nodejs): add root and workspace for `yarn` packages (#8535) * fix: unused-parameter rule from revive (#8794) * chore(deps): Update trivy-checks (#8798) * fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796) * fix(k8s): remove using `last-applied-configuration` (#8791) * refactor(misconf): remove unused methods from providers (#8781) * refactor(misconf): remove unused methods from iac types (#8782) * fix(misconf): filter null nodes when parsing json manifest (#8785) * fix: testifylint last issues (#8768) * fix(misconf): perform operations on attribute safely(#8774) * refactor(ubuntu): update time handling for fixing time (#8780) * chore(deps): bump golangci-lint to v2.1.2 (#8766) * feat(image): save layers metadata into report (#8394) * feat(misconf): convert AWS managed policy to document (#8757) * chore(deps): bump the docker group across 1 directory with 3 updates (#8762) * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753) * ci(helm): create a helm branch for patches from main (#8673) * fix(terraform): hcl object expressions to return references (#8271) * chore(terraform): option to pass in instanced logger (#8738) * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740) * chore(terraform): remove os.OpenPath call from terraform file functions (#8737) * chore(deps): bump the common group across 1 directory with 23 updates (#8733) * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676) * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587) * fix(misconf): populate context correctly for module instances (#8656) * fix(misconf): check if metadata is not nil (#8647) * refactor(misconf): switch to x/json (#8719) * fix(report): clean buffer after flushing (#8725) * ci: improve PR title validation workflow (#8720) * refactor(flag): improve flag system architecture and extensibility (#8718) * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555) * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591) * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705) * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702) * refactor: add hook interface for extended functionality (#8585) * fix(misconf): addmissing variable as unknown (#8683) * docs: Update maintainer docs (#8674) * ci(vuln): reduce github action script injection attack risk (#8610) * fix(secret): ignore .dist-info directories during secret scanning (#8646) * fix(server): fix redis key when trying to delete blob (#8649) * chore(deps): bump the testcontainers group with 2 updates (#8650) * test: use `aquasecurity` repository for test images (#8677) * chore(deps): bump the aws group across 1 directory with 5 updates (#8652) * fix(k8s): skip passed misconfigs for the summary report (#8684) * fix(k8s): correct compare artifact versions (#8682) * chore: update Docker lib (#8681) * refactor(misconf): remove unused terraform attribute methods (#8657) * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369) * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643) * docs: Add info about helm charts release (#8640) * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638) - Update to version 0.61.1: * release: v0.61.1 [release/v0.61] (#8704) * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748) * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699) * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698) * release: v0.61.0 [main] (#8507) * fix(misconf): Improve logging for unsupported checks (#8634) * feat(k8s): add support for controllers (#8614) * fix(debian): don't include empty licenses for `dpkgs` (#8623) * fix(misconf): Check values wholly prior to evalution (#8604) * chore(deps): Bump trivy-checks (#8619) * fix(k8s): show report for `--report all` (#8613) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597) * refactor: rename scanner to service (#8584) *fix(misconf): do not skip loading documents from subdirectories (#8526) * refactor(misconf): get a block or attribute without calling HasChild (#8586) * fix(misconf): identify the chart file exactly by name (#8590) * test: use table-driven tests in Helm scanner tests (#8592) * refactor(misconf): Simplify misconfig checks bundle parsing (#8533) * chore(deps): bump the common group across 1 directory with 10 updates (#8566) * fix(misconf): do not use cty.NilVal for non-nil values (#8567) * docs(cli): improve flag value display format (#8560) * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548) * docs: remove slack (#8565) * fix: use `--file-patterns` flag for all post analyzers (#7365) * docs(python): Mention pip-compile (#8484) * feat(misconf): adapt aws_opensearch_domain (#8550) * feat(misconf): adapt AWS::EC2::VPC (#8534) * docs: fix a broken link (#8546) * fix(fs): check postAnalyzers for StaticPaths (#8543) * refactor(misconf): remove unused methods for ec2.Instance (#8536) * feat(misconf): adapt aws_default_security_group (#8538) * feat(fs): optimize scanning performance by direct file access for known paths (#8525) * feat(misconf): adapt AWS::DynamoDB::Table (#8529) * style: Fix MD syntax in self-hosting.md (#8523) * perf(misconf): retrieve check metadata from annotations once (#8478) * feat(misconf): Add support for aws_ami (#8499) * fix(misconf): skip Azure CreateUiDefinition (#8503) * refactor(misconf): use OPA v1 (#8518) * fix(misconf): add ephemeral block type to config schema (#8513) * perf(misconf): parse input for Rego once (#8483) * feat: replace TinyGo with standard Go for WebAssembly modules (#8496) * chore: replace deprecated tenv linter with usetesting (#8504) * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502) * chore(deps): bump the common group across 1directory with 13 updates (#8491) * chore: use go.mod for managing Go tools (#8493) * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494) * release: v0.60.0 [main] (#8327) * fix(sbom): improve logic for binding direct dependency to parent component (#8489) * chore(deps): remove missed replace of `trivy-db` (#8492) * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490) * chore(deps): update Go to 1.24 and switch to go-version-file (#8388) * docs: add abbreviation list (#8453) * chore(terraform): assign *terraform.Module 'parent' field (#8444) * feat: add report summary table (#8177) * chore(deps): bump the github-actions group with 3 updates (#8473) * refactor(vex): improve SBOM reference handling with project standards (#8457) * ci: update GitHub Actions cache to v4 (#8475) * feat: add `--vuln-severity-source` flag (#8269) * fix(os): add mapping OS aliases (#8466) * chore(deps): bump the aws group across 1 directory with 7 updates (#8468) * chore(deps): Bump trivy-checks to v1.7.1 (#8467) * refactor(report): write tables after rendering all results (#8357) * docs: update VEX documentation index page (#8458) * fix(db): fix case when 2 trivy-db were copied at the same time (#8452) * feat(misconf): render causes for Terraform (#8360) * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073) * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254) * chore(deps): update go-rustaudit location (#8450) * fix: update all documentation links (#8045) * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443) * chore(deps): bump the common group with 6 updates (#8411) * fix(k8s): add missed option `PkgRelationships` (#8442) * fix(sbom): add SBOM file's filePath asApplication FilePath if we can't detect its path (#8346) * feat(go): fix parsing main module version for go > = 1.24 (#8433) * refactor(misconf): make Rego scanner independent of config type (#7517) * fix(image): disable AVD-DS-0007 for history scanning (#8366) * fix(server): secrets inspectation for the config analyzer in client server mode (#8418) * chore: remove mockery (#8417) * test(server): replace mock driver with memory cache in server tests (#8416) * test: replace mock with memory cache and fix non-deterministic tests (#8410) * test: replace mock with memory cache in scanner tests (#8413) * test: use memory cache (#8403) * fix(spdx): init `pkgFilePaths` map for all formats (#8380) * chore(deps): bump the common group across 1 directory with 11 updates (#8381) * docs: correct Ruby documentation (#8402) * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390) * fix: don't use `scope` for `trivy registry login` command (#8393) * fix(go): merge nested flags into string for ldflags for Go binaries (#8368) * chore(terraform): export module path on terraform modules (#8374) * fix(terraform): apply parser options to submodule parsing (#8377) * docs: Fix typos in documentation (#8361) * docs: fix navigate links (#8336) * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354) * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353) * chore: remove debug prints (#8347) * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345) * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344) * chore(deps): bump Go to `v1.23.5` (#8341) * fix(python): add `poetry` v2 support (#8323) * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331) * fix(misconf):ecs include enhanced for container insights (#8326) * fix(sbom): preserve OS packages from multiple SBOMs (#8325) * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-303=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): trivy-0.64.1-bp156.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-45338.html https://www.suse.com/security/cve/CVE-2024-51744.html https://www.suse.com/security/cve/CVE-2025-53547.html https://bugzilla.suse.com/1232948 https://bugzilla.suse.com/1235265 https://bugzilla.suse.com/1246151 . A critical patch for openSUSE has been released, targeting several flaws found in trivy, and it is ready for deployment.. openSUSE,trivy,security update,patch,vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 19, 2025 Important OpenSUSE
87

Debian Bookworm: DSA-5932-1 Moderate: Thunderbird Arbitrary Code Execution

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5932-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 30, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2025-4918 CVE-2025-4919 CVE-2025-5263 CVE-2025-5264 CVE-2025-5266 CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 CVE-2025-5283 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in version 1:128.11.0esr-1~deb12u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . New security patches issued for Thunderbird in Debian Bookworm. Users urged to update to mitigate potential exploitation threats.. Debian Security Advisory, Thunderbird Update, Code Execution Risk, Patch Release. . LinuxSecurity.com Team

Calendar%202 May 30, 2025 Debian
100

openSUSE: 2025:01702-1 critical: glibc code execution risk

* bsc#1243317 Cross-References: * CVE-2025-4802 . # Security update for glibc Announcement ID: SUSE-SU-2025:01702-1 Release Date: 2025-05-24T09:51:05Z Rating: important References: * bsc#1243317 Cross-References: * CVE-2025-4802 CVSS scores: * CVE-2025-4802 ( SUSE ): 9.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-4802 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-4802 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for glibc fixes the following issues: * CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-1702=1 openSUSE-SLE-15.6-2025-1702=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1702=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1702=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586 i686) * glibc-devel-debuginfo-2.38-150600.14.32.1 * glibc-locale-base-2.38-150600.14.32.1 * glibc-profile-2.38-150600.14.32.1 * glibc-locale-2.38-150600.14.32.1 * libnsl1-debuginfo-2.38-150600.14.32.1 * glibc-locale-base-debuginfo-2.38-150600.14.32.1 *glibc-devel-2.38-150600.14.32.1 * glibc-debuginfo-2.38-150600.14.32.1 * glibc-debugsource-2.38-150600.14.32.1 * glibc-devel-static-2.38-150600.14.32.1 * libnsl1-2.38-150600.14.32.1 * glibc-2.38-150600.14.32.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * nscd-debuginfo-2.38-150600.14.32.1 * glibc-extra-2.38-150600.14.32.1 * glibc-utils-debuginfo-2.38-150600.14.32.1 * nscd-2.38-150600.14.32.1 * glibc-utils-src-debugsource-2.38-150600.14.32.1 * glibc-utils-2.38-150600.14.32.1 * glibc-extra-debuginfo-2.38-150600.14.32.1 * openSUSE Leap 15.6 (noarch) * glibc-lang-2.38-150600.14.32.1 * glibc-html-2.38-150600.14.32.1 * glibc-i18ndata-2.38-150600.14.32.1 * glibc-info-2.38-150600.14.32.1 * openSUSE Leap 15.6 (x86_64) * glibc-profile-32bit-2.38-150600.14.32.1 * libnsl1-32bit-2.38-150600.14.32.1 * libnsl1-32bit-debuginfo-2.38-150600.14.32.1 * glibc-devel-static-32bit-2.38-150600.14.32.1 * glibc-devel-32bit-2.38-150600.14.32.1 * glibc-32bit-2.38-150600.14.32.1 * glibc-utils-32bit-debuginfo-2.38-150600.14.32.1 * glibc-locale-base-32bit-2.38-150600.14.32.1 * glibc-utils-32bit-2.38-150600.14.32.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.32.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.32.1 * glibc-32bit-debuginfo-2.38-150600.14.32.1 * openSUSE Leap 15.6 (aarch64_ilp32) * glibc-utils-64bit-debuginfo-2.38-150600.14.32.1 * libnsl1-64bit-2.38-150600.14.32.1 * glibc-utils-64bit-2.38-150600.14.32.1 * glibc-profile-64bit-2.38-150600.14.32.1 * libnsl1-64bit-debuginfo-2.38-150600.14.32.1 * glibc-locale-base-64bit-debuginfo-2.38-150600.14.32.1 * glibc-devel-64bit-debuginfo-2.38-150600.14.32.1 * glibc-64bit-2.38-150600.14.32.1 * glibc-devel-64bit-2.38-150600.14.32.1 * glibc-locale-base-64bit-2.38-150600.14.32.1 * glibc-64bit-debuginfo-2.38-150600.14.32.1 * glibc-devel-static-64bit-2.38-150600.14.32.1 * Basesystem Module 15-SP6 (aarch64 ppc64les390x x86_64) * nscd-debuginfo-2.38-150600.14.32.1 * glibc-devel-debuginfo-2.38-150600.14.32.1 * glibc-extra-2.38-150600.14.32.1 * glibc-locale-base-2.38-150600.14.32.1 * glibc-locale-2.38-150600.14.32.1 * glibc-profile-2.38-150600.14.32.1 * libnsl1-debuginfo-2.38-150600.14.32.1 * nscd-2.38-150600.14.32.1 * glibc-locale-base-debuginfo-2.38-150600.14.32.1 * glibc-devel-2.38-150600.14.32.1 * glibc-debuginfo-2.38-150600.14.32.1 * glibc-debugsource-2.38-150600.14.32.1 * libnsl1-2.38-150600.14.32.1 * glibc-2.38-150600.14.32.1 * glibc-extra-debuginfo-2.38-150600.14.32.1 * Basesystem Module 15-SP6 (noarch) * glibc-info-2.38-150600.14.32.1 * glibc-i18ndata-2.38-150600.14.32.1 * glibc-lang-2.38-150600.14.32.1 * Basesystem Module 15-SP6 (x86_64) * libnsl1-32bit-2.38-150600.14.32.1 * libnsl1-32bit-debuginfo-2.38-150600.14.32.1 * glibc-32bit-2.38-150600.14.32.1 * glibc-locale-base-32bit-2.38-150600.14.32.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.32.1 * glibc-32bit-debuginfo-2.38-150600.14.32.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * glibc-utils-debuginfo-2.38-150600.14.32.1 * glibc-utils-src-debugsource-2.38-150600.14.32.1 * glibc-devel-static-2.38-150600.14.32.1 * glibc-debuginfo-2.38-150600.14.32.1 * glibc-debugsource-2.38-150600.14.32.1 * glibc-utils-2.38-150600.14.32.1 * Development Tools Module 15-SP6 (x86_64) * glibc-devel-32bit-debuginfo-2.38-150600.14.32.1 * glibc-devel-32bit-2.38-150600.14.32.1 * glibc-32bit-debuginfo-2.38-150600.14.32.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4802.html * https://bugzilla.suse.com/show_bug.cgi?id=1243317 . A significant patch for libc addressing vulnerabilities linked to unauthorized command execution alongside an in-depth risk evaluation.. glibc update, openSUSE security, code execution, security advisory, Linux vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 26, 2025 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200