Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: * bsc#1262429 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting in potential arbitrary code execution (bsc#1263442). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-872=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.4.1 python313-pip-wheel-25.0.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html *https://www.suse.com/security/cve/CVE-2026-6357.html . Update for python-pip on openSUSE addresses three issues, allowing installation of both security and bug fix patches.. openSUSE Update, Python Pip Security, Vulnerability Fixes, Software Patch Management, Open Source Security. . Severity: moderate. LinuxSecurity.com Team
An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: * bsc#1262429 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting in potential arbitrary code execution (bsc#1263442). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-872=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.4.1 python313-pip-wheel-25.0.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html *https://www.suse.com/security/cve/CVE-2026-6357.html . An openSUSE security advisory for python-pip addressing 3 vulnerabilities and bug fixes with moderate severity.. openSUSE security, python-pip update, moderate execution risk. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21734-1 Release Date: 2026-05-19T15:51:11Z Rating: important References: * bsc#1265308 Cross-References: * CVE-2026-46333 CVSS scores: * CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2026-46333:ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-431=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * kernel-source-rt-6.4.0-46.1 * kernel-devel-rt-6.4.0-46.1 * SUSE Linux Micro 6.1 (aarch64 nosrc x86_64) * kernel-rt-6.4.0-46.1 * SUSE Linux Micro 6.1 (aarch64 x86_64) * kernel-rt-debugsource-6.4.0-46.1 * kernel-rt-devel-6.4.0-46.1 * kernel-rt-debuginfo-6.4.0-46.1 * SUSE Linux Micro 6.1 (x86_64) * kernel-rt-livepatch-6.4.0-46.1 * kernel-rt-devel-debuginfo-6.4.0-46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1265308 . Important update available for SUSE Linux Micro kernels addressing CVE-2026-46333 with potential execution risks. Reboot required.. SUSE Linux Micro,kernelupdate,CVE-2026-46333,security patch,execution risk. . Severity: Important. LinuxSecurity.com Team
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, privilege escalation, information disclosure, spoofing or sandbox escape. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6283-1
An update that solves three vulnerabilities can now be installed.. # Security update for docker-compose Announcement ID: SUSE-SU-2026:20976-1 Release Date: 2026-03-27T10:04:45Z Rating: important References: * bsc#1252752 * bsc#1253584 * bsc#1254041 Cross-References: * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-62725 CVSS scores: * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-62725 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-62725 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-62725 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for docker-compose fixes the following issues: * CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584). * CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). * CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752). ## Patch Instructions: To install this SUSE update use the SUSE recommendedinstallation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-455=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * docker-compose-2.33.1-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-62725.html * https://bugzilla.suse.com/show_bug.cgi?id=1252752 * https://bugzilla.suse.com/show_bug.cgi?id=1253584 * https://bugzilla.suse.com/show_bug.cgi?id=1254041 . An important update for docker-compose addresses three security issues in SUSE products.. docker-compose vulnerabilities SUSE update important. . Severity: Important. LinuxSecurity.com Team
Two security vulnerabilities were discovered in libpng, a library implementing an interface for reading and writing PNG (Portable Network Graphics) files, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6189-1
An update that solves one vulnerability can now be installed.. # python311-asgiref-3.11.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10216-1 Rating: moderate Cross-References: * CVE-2025-14550 CVSS scores: * CVE-2025-14550 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python311-asgiref-3.11.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python311-asgiref 3.11.1-1.1 * python312-asgiref 3.11.1-1.1 * python313-asgiref 3.11.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14550.html . Critical updates enhance security by resolving an issue in python311-asgiref, improving overall system integrity.. openSUSE updates, python security, moderate severity issues. . LinuxSecurity.com Team
Several security issues were fixed in CRaC JDK 21.. ========================================================================== Ubuntu Security Notice USN-8003-1 February 02, 2026 openjdk-21-crac vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 Summary: Several security issues were fixed in CRaC JDK 21. Software Description: - openjdk-21-crac: Open Source Java implementation with Coordinated Restore at Checkpoints Details: It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. (CVE-2026-21925) Mingijung discovered that the AWT and JavaFX componenets of CRaC JDK 21 could run programs if Desktop.browse() was supplied a filename as a URI. An unauthenticated remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-21932) Zhihui Chen discovered that the Networking component of CRaC JDK 21 was suceptible to a CRLF injection vulnerability via the HttpServer class. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2026-21933) Ireneusz Pastusiak discovered that the Security component of CRaC JDK 21 failed to verify provided URIs point to a legitimate source when AIA is enabled. An unauthenticated remote attacker could possibly use this issue to redirect users to malicious hosts. (CVE-2026-21945) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2026-01-20 Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 openjdk-21-crac-demo 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-doc 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jdk 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jdk-headless 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jre 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jre-headless 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-jre-zero 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-source 21.0.10+7-0ubuntu1~25.10 openjdk-21-crac-testsupport 21.0.10+7-0ubuntu1~25.10 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8003-1 CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Package Information: https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.10+7-0ubuntu1~25.10 . Critical issues in Ubuntu's openjdk-21-crac could lead to remote attacks or arbitrary code execution risks.. OpenJDK, Security Advisory, Ubuntu 25.10, Remote Attack, Java Security Fix. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.