Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 221 articles for you...
202

openSUSE Python Pip Moderate Fix for Execution Risks CVE-2026-3219

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: * bsc#1262429 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting in potential arbitrary code execution (bsc#1263442). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-872=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.4.1 python313-pip-wheel-25.0.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html *https://www.suse.com/security/cve/CVE-2026-6357.html . Update for python-pip on openSUSE addresses three issues, allowing installation of both security and bug fix patches.. openSUSE Update, Python Pip Security, Vulnerability Fixes, Software Patch Management, Open Source Security. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 moderate OpenSUSE
202

openSUSE python-pip Moderate Zip Handling Risk CVE-2026-1703

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: * bsc#1262429 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting in potential arbitrary code execution (bsc#1263442). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-872=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.4.1 python313-pip-wheel-25.0.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html *https://www.suse.com/security/cve/CVE-2026-6357.html . An openSUSE security advisory for python-pip addressing 3 vulnerabilities and bug fixes with moderate severity.. openSUSE security, python-pip update, moderate execution risk. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 moderate OpenSUSE
100

SUSE Linux Micro Kernel Important Fix CVE-2026-46333 Advisory 2026-21734-1

An update that solves one vulnerability can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21734-1 Release Date: 2026-05-19T15:51:11Z Rating: important References: * bsc#1265308 Cross-References: * CVE-2026-46333 CVSS scores: * CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2026-46333:ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-431=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * kernel-source-rt-6.4.0-46.1 * kernel-devel-rt-6.4.0-46.1 * SUSE Linux Micro 6.1 (aarch64 nosrc x86_64) * kernel-rt-6.4.0-46.1 * SUSE Linux Micro 6.1 (aarch64 x86_64) * kernel-rt-debugsource-6.4.0-46.1 * kernel-rt-devel-6.4.0-46.1 * kernel-rt-debuginfo-6.4.0-46.1 * SUSE Linux Micro 6.1 (x86_64) * kernel-rt-livepatch-6.4.0-46.1 * kernel-rt-devel-debuginfo-6.4.0-46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1265308 . Important update available for SUSE Linux Micro kernels addressing CVE-2026-46333 with potential execution risks. Reboot required.. SUSE Linux Micro,kernelupdate,CVE-2026-46333,security patch,execution risk. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 22, 2026 Important SuSE
87

Debian Bookworm Firefox-esr Security Advisory DSA-6283-1

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, privilege escalation, information disclosure, spoofing or sandbox escape. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6283-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 20, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2026-8388 CVE-2026-8391 CVE-2026-8401 CVE-2026-8946 CVE-2026-8947 CVE-2026-8950 CVE-2026-8953 CVE-2026-8954 CVE-2026-8955 CVE-2026-8956 CVE-2026-8957 CVE-2026-8958 CVE-2026-8961 CVE-2026-8962 CVE-2026-8968 CVE-2026-8970 CVE-2026-8974 CVE-2026-8975 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, privilege escalation, information disclosure, spoofing or sandbox escape. For the oldstable distribution (bookworm), these problems have been fixed in version 140.11.0esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 140.11.0esr-1~deb13u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple security issues in Mozilla Firefox-esr could leadto arbitrary code execution and privilege escalation in Debian.. Mozilla Firefox Debian Security Arbitrary Code. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 20, 2026 Critical Debian
100

SUSE Docker-Compose Key Security Update for Multiple CVEs in 2026

An update that solves three vulnerabilities can now be installed.. # Security update for docker-compose Announcement ID: SUSE-SU-2026:20976-1 Release Date: 2026-03-27T10:04:45Z Rating: important References: * bsc#1252752 * bsc#1253584 * bsc#1254041 Cross-References: * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-62725 CVSS scores: * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-62725 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-62725 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-62725 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for docker-compose fixes the following issues: * CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584). * CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). * CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752). ## Patch Instructions: To install this SUSE update use the SUSE recommendedinstallation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-455=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * docker-compose-2.33.1-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-62725.html * https://bugzilla.suse.com/show_bug.cgi?id=1252752 * https://bugzilla.suse.com/show_bug.cgi?id=1253584 * https://bugzilla.suse.com/show_bug.cgi?id=1254041 . An important update for docker-compose addresses three security issues in SUSE products.. docker-compose vulnerabilities SUSE update important. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 09, 2026 Important SuSE
87

Debian libpng1.6 Critical DDoS Exec Vulnerability DSA-6189-1 Alert

Two security vulnerabilities were discovered in libpng, a library implementing an interface for reading and writing PNG (Portable Network Graphics) files, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6189-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libpng1.6 CVE ID : CVE-2026-33416 CVE-2026-33636 Two security vulnerabilities were discovered in libpng, a library implementing an interface for reading and writing PNG (Portable Network Graphics) files, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.39-2+deb12u4. For the stable distribution (trixie), these problems have been fixed in version 1.6.48-1+deb13u4. We recommend that you upgrade your libpng1.6 packages. For the detailed security status of libpng1.6 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/libpng1.6 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Two critical vulnerabilities in libpng fixed for Debian distributions, address potential execution risks. Upgrade recommended.. libpng security, Debian DSA, denial of service, code execution risk, security advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 31, 2026 Critical Debian
202

openSUSE Tumbleweed python311-asgiref Moderate Threat CVE-2025-14550

An update that solves one vulnerability can now be installed.. # python311-asgiref-3.11.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10216-1 Rating: moderate Cross-References: * CVE-2025-14550 CVSS scores: * CVE-2025-14550 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python311-asgiref-3.11.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python311-asgiref 3.11.1-1.1 * python312-asgiref 3.11.1-1.1 * python313-asgiref 3.11.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14550.html . Critical updates enhance security by resolving an issue in python311-asgiref, improving overall system integrity.. openSUSE updates, python security, moderate severity issues. . LinuxSecurity.com Team

Calendar%202 Feb 18, 2026 OpenSUSE
172

Ubuntu 25.10 OpenJDK-21-crac Important Remote Access Threat USN-8003-1

Several security issues were fixed in CRaC JDK 21.. ========================================================================== Ubuntu Security Notice USN-8003-1 February 02, 2026 openjdk-21-crac vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 Summary: Several security issues were fixed in CRaC JDK 21. Software Description: - openjdk-21-crac: Open Source Java implementation with Coordinated Restore at Checkpoints Details: It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. (CVE-2026-21925) Mingijung discovered that the AWT and JavaFX componenets of CRaC JDK 21 could run programs if Desktop.browse() was supplied a filename as a URI. An unauthenticated remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-21932) Zhihui Chen discovered that the Networking component of CRaC JDK 21 was suceptible to a CRLF injection vulnerability via the HttpServer class. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2026-21933) Ireneusz Pastusiak discovered that the Security component of CRaC JDK 21 failed to verify provided URIs point to a legitimate source when AIA is enabled. An unauthenticated remote attacker could possibly use this issue to redirect users to malicious hosts. (CVE-2026-21945) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2026-01-20 Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 openjdk-21-crac-demo 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-doc 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jdk 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jdk-headless 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jre 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jre-headless 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jre-zero 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-source 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-testsupport 21.0.10+7-0ubuntu1~25.10 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8003-1 CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Package Information: https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.10+7-0ubuntu1~25.10 . Critical issues in Ubuntu's openjdk-21-crac could lead to remote attacks or arbitrary code execution risks.. OpenJDK, Security Advisory, Ubuntu 25.10, Remote Attack, Java Security Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 03, 2026 Important Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200