Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 135 articles for you...
172

Ubuntu 25.10 NNCP Important File Access Threat USN-8359-1

NNCP could allow unintended access to files.. ========================================================================== Ubuntu Security Notice USN-8359-1 June 01, 2026 nncp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: NNCP could allow unintended access to files. Software Description: - nncp: package facilitating secure store-and-forward file and mail exchange Details: It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nncp 8.11.0-4+deb13u1build0.25.10.1 Ubuntu 24.04 LTS nncp 8.10.0-8ubuntu0.3+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS nncp 8.5.0-1ubuntu0.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8359-1 CVE-2025-60020 Package Information: https://launchpad.net/ubuntu/+source/nncp/8.11.0-4+deb13u1build0.25.10.1 . NNCP flaw in Ubuntu allows unauthorized file access. Update to protect against potential remote attacks now.. Ubuntu NNCP security Threat Protection File Access Remote Attacks. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 01, 2026 Important Ubuntu
172

Ubuntu 25.10 NNCP Critical File Access Issue USN-8359-1

NNCP could allow unintended access to files.. ========================================================================== Ubuntu Security Notice USN-8359-1 June 01, 2026 nncp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: NNCP could allow unintended access to files. Software Description: - nncp: package facilitating secure store-and-forward file and mail exchange Details: It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nncp 8.11.0-4+deb13u1build0.25.10.1 Ubuntu 24.04 LTS nncp 8.10.0-8ubuntu0.3+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS nncp 8.5.0-1ubuntu0.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8359-1 CVE-2025-60020 Package Information: https://launchpad.net/ubuntu/+source/nncp/8.11.0-4+deb13u1build0.25.10.1 . NNCP vulnerability on Ubuntu allows unintended file access. Update your system to mitigate risks from CVE-2025-60020.. file access control, remote access security, NNCP update instructions. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 01, 2026 Critical Ubuntu
89

Fedora 43 docker-compose Security Flaw Allows Code Execution File Access

Update to release v5.1.4 Resolves: rhbz#2480186 Upstream fixes Update to release v5.1.3 Resolves rhbz#2458697. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-951a6725b8 2026-05-30 01:07:34.273912+00:00 -------------------------------------------------------------------------------- Name : docker-compose Product : Fedora 43 Version : 5.1.4 Release : 1.fc43 URL : https://github.com/docker/compose Summary : Define and run multi-container applications with Docker Description : Define and run multi-container applications with Docker. -------------------------------------------------------------------------------- Update Information: Update to release v5.1.4 Resolves: rhbz#2480186 Upstream fixes Update to release v5.1.3 Resolves rhbz#2458697 Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199 Resolves CVE-2026-33748: rhbz#2453089 Upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2026 Bradley G Smith - 5.1.4-1 - Update to release v5.1.4 - Resolves: rhbz#2480186 - Upstream fixes * Wed Apr 15 2026 Bradley G Smith - 5.1.3-1 - Update to release v5.1.3 - Resolves rhbz#2458697 - Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199 - Resolves CVE-2026-33748: rhbz#2453089 - Upstream fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452188 - CVE-2026-33747 docker-compose: BuildKit: Arbitrary file write and code execution via untrusted frontend [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2452188 [ 2 ] Bug #2452199 - CVE-2026-33747 docker-compose: BuildKit: Arbitrary file write and code execution via untrusted frontend [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2452199 [ 3 ] Bug #2453089 - CVE-2026-33748 docker-compose: BuildKit: Unauthorized file access via Git URL fragment subdir components[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453089 [ 4 ] Bug #2458697 - docker-compose-5.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2458697 [ 5 ] Bug #2480186 - docker-compose-5.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480186 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-951a6725b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 docker-compose security advisory details critical risks. Fixes for file access and code execution vulnerabilities enhance system safety.. docker-compose Fedora security fixes code execution vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 30, 2026 Critical Fedora
172

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Several security issues were fixed in Docker.. ========================================================================== Ubuntu Security Notice USN-8230-1 May 06, 2026 docker.io-app vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Docker. Software Description: - docker.io-app: Linux container runtime Details: It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747) It was discovered that BuildKit, contained within Docker, incorrectly validated the subdir component of Git URL fragments. An attacker could possibly use this issue to access files outside of the checked-out repository root. (CVE-2026-33748) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS docker.io 29.1.3-0ubuntu4.1 Ubuntu 24.04 LTS docker.io 29.1.3-0ubuntu3~24.04.2 Ubuntu 22.04 LTS docker.io 29.1.3-0ubuntu3~22.04.2 Ubuntu 20.04 LTS docker.io 26.1.3-0ubuntu1~20.04.1+esm2 Available with Ubuntu Pro After a standard system update you need to restart Docker to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8230-1 CVE-2026-33747, CVE-2026-33748 Package Information: https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu4.1 https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~24.04.2 https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~22.04.2 . ==========================================================================Ubuntu Security Notice US. security, docker, ======================================================. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 06, 2026 Critical Ubuntu
100

SUSE Flatpak Important Code Execution and File Access Flaws 2026-1541-1

An update that solves two vulnerabilities can now be installed.. # Security update for flatpak Announcement ID: SUSE-SU-2026:1541-1 Release Date: 2026-04-22T07:22:36Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: improper processing of app-controlled symlinks by sandbox- expose can lead to sandbox escape, host file access and code execution in the host context (bsc#1261769). * CVE-2026-34079: improper removal of outdated cache filesallows for arbitrary file deletion on the host filesystem (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1541=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1541=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1541=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * openSUSE Leap 15.5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 *system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 *https://bugzilla.suse.com/show_bug.cgi?id=1261770 . Critical update for flatpak addresses important security issues in SUSE, enhancing host system protection against exploits.. flatpak security update,suse vulnerabilities,suse flatpak patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 22, 2026 Important SuSE
100

SUSE StrongSwan Integer Underflow Vulnerability Leads to File Access Risk

An update that solves two vulnerabilities can now be installed.. # Security update for strongswan Announcement ID: SUSE-SU-2026:21203-1 Release Date: 2026-04-16T09:06:50Z Rating: important References: * bsc#1257359 * bsc#1259472 Cross-References: * CVE-2025-9615 * CVE-2026-25075 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for strongswan fixes the following issues: Update to strongswan 6.0.4: * CVE-2025-9615: NetworkManager File Access (bsc#1257359). * CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472). Changes for strongswan: * Fixed a vulnerability in the NetworkManager plugin that potentially allows using credentials of other local users. This vulnerability has been registered as CVE-2025-9615. * The maximum supported length for section names in swanctl.conf has been increased to the upper limit of 256 characters that's enforced by VICI. * Prevent a crash if a confused peer rekeys a Child SA twice before sending a delete. * Fixed a memory leak if a peer's self-signed certificate is untrusted. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-570=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-570=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * strongswan-sqlite-6.0.4-160000.1.1 * strongswan-fips-6.0.4-160000.1.1 * strongswan-6.0.4-160000.1.1 * strongswan-ipsec-debuginfo-6.0.4-160000.1.1 * strongswan-mysql-6.0.4-160000.1.1 * strongswan-nm-6.0.4-160000.1.1 * strongswan-ipsec-6.0.4-160000.1.1 * strongswan-nm-debuginfo-6.0.4-160000.1.1 * strongswan-sqlite-debuginfo-6.0.4-160000.1.1 * strongswan-mysql-debuginfo-6.0.4-160000.1.1 * strongswan-debugsource-6.0.4-160000.1.1 * strongswan-debuginfo-6.0.4-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * strongswan-doc-6.0.4-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * strongswan-sqlite-6.0.4-160000.1.1 * strongswan-fips-6.0.4-160000.1.1 * strongswan-6.0.4-160000.1.1 * strongswan-ipsec-debuginfo-6.0.4-160000.1.1 * strongswan-mysql-6.0.4-160000.1.1 * strongswan-nm-6.0.4-160000.1.1 * strongswan-ipsec-6.0.4-160000.1.1 * strongswan-nm-debuginfo-6.0.4-160000.1.1 * strongswan-sqlite-debuginfo-6.0.4-160000.1.1 * strongswan-mysql-debuginfo-6.0.4-160000.1.1 * strongswan-debugsource-6.0.4-160000.1.1 * strongswan-debuginfo-6.0.4-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * strongswan-doc-6.0.4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9615.html * https://www.suse.com/security/cve/CVE-2026-25075.html * https://bugzilla.suse.com/show_bug.cgi?id=1257359 * https://bugzilla.suse.com/show_bug.cgi?id=1259472 . Update for strongswan resolves important vulnerabilities related to file access and integer underflow in SUSE.. SUSE Update, strongswan,vulnerability fix, security update, important patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 21, 2026 Important SuSE
172

Ubuntu 25.10 Accessing Important Files in Internet Archive Python Library

The Internet Archive Python Library would allow unintended access to files.. ========================================================================== Ubuntu Security Notice USN-7989-1 February 02, 2026 python-internetarchive vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: The Internet Archive Python Library would allow unintended access to files. Software Description: - python-internetarchive: A Python and Command-Line Interface to Archive.org Details: Pengo Wray discovered that The Internet Archive Python Library incorrectly handled certain file paths when downloading files. An attacker could possibly use this issue to write files to arbitrary locations on the file system. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 internetarchive 5.4.0-1ubuntu0.1 python3-internetarchive 5.4.0-1ubuntu0.1 Ubuntu 24.04 LTS internetarchive 3.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-internetarchive 3.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS internetarchive 1.9.9-1ubuntu0.1 python3-internetarchive 1.9.9-1ubuntu0.1 Ubuntu 20.04 LTS internetarchive 1.9.0-3ubuntu0.1~esm1 Available with Ubuntu Pro python3-internetarchive 1.9.0-3ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7989-1 CVE-2025-58438 Package Information: https://launchpad.net/ubuntu/+source/python-internetarchive/5.4.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/python-internetarchive/1.9.9-1ubuntu0.1 . The Internet Archive Python Library has a security issue allowing unintended file access in multiple Ubuntu releases. Update necessary.. Python Library, Internet Archive, Ubuntu Security, File Access Issue, Ubuntu Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 04, 2026 Important Ubuntu
100

SUSE: kubevirt Important Security Fix Multiple Issues 2025:4330-1

* bsc#1241772 * bsc#1250683 * bsc#1253181 * bsc#1253185 * bsc#1253186 . # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2025:4330-1 Release Date: 2025-12-09T11:34:00Z Rating: important References: * bsc#1241772 * bsc#1250683 * bsc#1253181 * bsc#1253185 * bsc#1253186 * bsc#1253194 * bsc#1253384 * bsc#1253748 Cross-References: * CVE-2025-22872 * CVE-2025-64324 * CVE-2025-64432 * CVE-2025-64433 * CVE-2025-64434 * CVE-2025-64437 CVSS scores: * CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-64324 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-64324 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-64324 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-64324 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-64432 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-64432 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-64432 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-64432 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-64433 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-64433 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N *CVE-2025-64433 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-64434 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-64434 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-64434 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-64434 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-64437 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-64437 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L * CVE-2025-64437 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and has two security fixes can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container fixes the following issues: Updated kubevirt to version 1.6.3: * CVE-2025-22872: Fixed incorrect interpretation of tags leading content to be placed wrong scope during DOM construction in golang.org/x/net/html (bsc#1241772) * CVE-2025-64432: Fixed bypass of RBAC controls due to incorrect validation of certain fields in the client TLS certificate (bsc#1253181) * CVE-2025-64433: Fixed arbitrary files read via improper symlink handling (bsc#1253185) * CVE-2025-64434: Fixed privilege escalation via virt-api impersonification due to compromise virt-handler instance (bsc#1253186) * CVE-2025-64437: Fixed mishandling of symlinks (bsc#1253194) * CVE-2025-64324: Fixed a logic bug that allows an attacker to read and write arbitrary files owned by more privilegedusers (bsc#1253748) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-4330=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-virtctl-debuginfo-1.6.3-150700.3.13.1 * kubevirt-virtctl-1.6.3-150700.3.13.1 * kubevirt-manifests-1.6.3-150700.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22872.html * https://www.suse.com/security/cve/CVE-2025-64324.html * https://www.suse.com/security/cve/CVE-2025-64432.html * https://www.suse.com/security/cve/CVE-2025-64433.html * https://www.suse.com/security/cve/CVE-2025-64434.html * https://www.suse.com/security/cve/CVE-2025-64437.html * https://bugzilla.suse.com/show_bug.cgi?id=1241772 * https://bugzilla.suse.com/show_bug.cgi?id=1250683 * https://bugzilla.suse.com/show_bug.cgi?id=1253181 * https://bugzilla.suse.com/show_bug.cgi?id=1253185 * https://bugzilla.suse.com/show_bug.cgi?id=1253186 * https://bugzilla.suse.com/show_bug.cgi?id=1253194 * https://bugzilla.suse.com/show_bug.cgi?id=1253384 * https://bugzilla.suse.com/show_bug.cgi?id=1253748 . SUSE updates for kubevirt and related containers address multiple security flaws affecting container operations.. Kubevirt Security SUSE Update CVE Container. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 09, 2025 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200