openSUSE security update: security update for python-pymupdf
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20887-1
Rating: important
References:
  * bsc#1259921
Cross-References:
  * CVE-2026-3029
Affected Products:
  openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-PyMuPDF fixes the following issues:

Changes in python-PyMuPDF:

- CVE-2026-3029: Fixed path traversal and arbitrary file write via the `embedded_get` function in `_main_.py` (bsc#1259921)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

  zypper in -t patch openSUSE-Leap-16.0-leap-15=1

Package List:

- openSUSE Leap 16.0:

  python313-PyMuPDF-1.21.1-lp160.5.1

References:

* https://www.suse.com/security/cve/CVE-2026-3029.html

Severity: Important

LinuxSecurity.com Team
Debian LTS Advisory DLA-4554-1

Multiple vulnerabilities have been discovered in calibre, an e-book manager.

CVE-2025-64486: calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the.
Important: golang security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5941", "synopsis": "Important: golang security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for golang.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}, {"ticket": "2434433", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433", "description": ""}], "cves": [{"name": "CVE-2025-61731", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61731", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss3BaseScore": "8.6", "cwe": "CWE-88"}, {"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}], "references": [], "publishedAt": "2026-04-09T12:07:05.484110Z", "rpms": {"Rocky Linux 10": {"nvras": ["golang-race-0:1.25.8-1.el10_1.aarch64.rpm", "golang-bin-0:1.25.8-1.el10_1.ppc64le.rpm", "go-toolset-0:1.25.8-1.el10_1.x86_64.rpm", "golang-0:1.25.8-1.el10_1.x86_64.rpm", 
"golang-0:1.25.8-1.el10_1.src.rpm","golang-bin-0:1.25.8-1.el10_1.s390x.rpm", "golang-race-0:1.25.8-1.el10_1.x86_64.rpm", "golang-docs-0:1.25.8-1.el10_1.noarch.rpm", "golang-race-0:1.25.8-1.el10_1.ppc64le.rpm", "golang-0:1.25.8-1.el10_1.aarch64.rpm", "golang-bin-0:1.25.8-1.el10_1.x86_64.rpm", "go-toolset-0:1.25.8-1.el10_1.aarch64.rpm", "golang-bin-0:1.25.8-1.el10_1.aarch64.rpm", "go-toolset-0:1.25.8-1.el10_1.ppc64le.rpm", "golang-0:1.25.8-1.el10_1.s390x.rpm", "golang-race-0:1.25.8-1.el10_1.s390x.rpm", "golang-tests-0:1.25.8-1.el10_1.noarch.rpm", "golang-0:1.25.8-1.el10_1.ppc64le.rpm", "golang-misc-0:1.25.8-1.el10_1.noarch.rpm", "go-toolset-0:1.25.8-1.el10_1.s390x.rpm", "golang-src-0:1.25.8-1.el10_1.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the essential golang security update for Rocky Linux addressing significant threats with detailed resolutions.. golang security update, Rocky Linux advisories, important security patch, Go programming language fix. . Severity: Important. LinuxSecurity.com Team
# Security update for python-poetry

Announcement ID: SUSE-SU-2026:1220-1
Release Date: 2026-04-08T16:03:10Z
Rating: moderate

References:

* bsc#1261383

Cross-References:

* CVE-2026-34591

CVSS scores:

* CVE-2026-34591 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34591 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-34591 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-poetry fixes the following issue:

* CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write (bsc#1261383).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

  zypper in -t patch SUSE-2026-1220=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-poetry-1.7.1-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34591.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261383

LinuxSecurity.com Team
Important: golang security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5942", "synopsis": "Important: golang security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for golang.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2434433", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433", "description": ""}, {"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}], "cves": [{"name": "CVE-2025-61731", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-61731", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cvss3BaseScore": "8.6", "cwe": "CWE-88"}, {"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}], "references": [], "publishedAt": "2026-04-07T12:03:55.701474Z", "rpms": {"Rocky Linux 9": {"nvras": ["golang-0:1.25.8-1.el9_7.aarch64.rpm", "golang-0:1.25.8-1.el9_7.ppc64le.rpm", "golang-0:1.25.8-1.el9_7.s390x.rpm", "golang-0:1.25.8-1.el9_7.src.rpm", "golang-0:1.25.8-1.el9_7.x86_64.rpm", 
"golang-bin-0:1.25.8-1.el9_7.aarch64.rpm","golang-bin-0:1.25.8-1.el9_7.ppc64le.rpm", "golang-bin-0:1.25.8-1.el9_7.s390x.rpm", "golang-bin-0:1.25.8-1.el9_7.x86_64.rpm", "golang-docs-0:1.25.8-1.el9_7.noarch.rpm", "golang-misc-0:1.25.8-1.el9_7.noarch.rpm", "golang-race-0:1.25.8-1.el9_7.aarch64.rpm", "golang-race-0:1.25.8-1.el9_7.ppc64le.rpm", "golang-race-0:1.25.8-1.el9_7.s390x.rpm", "golang-race-0:1.25.8-1.el9_7.x86_64.rpm", "golang-src-0:1.25.8-1.el9_7.noarch.rpm", "golang-tests-0:1.25.8-1.el9_7.noarch.rpm", "go-toolset-0:1.25.8-1.el9_7.aarch64.rpm", "go-toolset-0:1.25.8-1.el9_7.ppc64le.rpm", "go-toolset-0:1.25.8-1.el9_7.s390x.rpm", "go-toolset-0:1.25.8-1.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important golang security update enhances stability and mitigates risk with fixes for significant vulnerabilities. . go programming language update, golang security fix, Rocky Linux advisory. . Severity: Important. LinuxSecurity.com Team
MGASA-2026-0002 - Updated wget2 packages fix security vulnerability

Publication date: 10 Jan 2026
URL: https://advisories.mageia.org/MGASA-2026-0002.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-69194

Description:

Arbitrary File Write via Metalink Path Traversal in GNU Wget2. (CVE-2025-69194)

References:

- https://bugs.mageia.org/show_bug.cgi?id=34947
- https://www.openwall.com/lists/oss-security/2026/01/07/1
- https://www.cve.org/CVERecord?id=CVE-2025-69194

SRPMS:

- 9/core/wget2-2.0.1-1.1.mga9

Severity: Important

LinuxSecurity.com Team