Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 580 articles for you...
219

Rocky Linux 9 jackson-annotations Important Code Execution Risk RLSA-2026

Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:40895", "synopsis": "Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for jackson-modules-base, jackson-databind, jackson-jaxrs-providers, jackson-annotations, jackson-core.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration.\n\nSecurity Fix(es):\n\n* jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution (CVE-2026-54513)\n\n* jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass (CVE-2026-54512)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2492010", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2492010", "description": ""}, {"ticket": "2492015", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2492015", "description": ""}], "cves": [{"name": "CVE-2026-54512", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-54512", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-502"}, {"name": "CVE-2026-54513", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-54513", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-184"}], "references": [], "publishedAt": "2026-07-17T12:03:25.223367Z", "rpms": {"Rocky Linux 9": {"nvras": ["jackson-annotations-0:2.21-1.el9_8.src.rpm", "jackson-core-0:2.21.4-1.el9_8.src.rpm", "jackson-databind-0:2.21.4-1.el9_8.src.rpm", "jackson-jaxrs-providers-0:2.21.4-1.el9_8.src.rpm", "jackson-modules-base-0:2.21.4-1.el9_8.src.rpm", "pki-jackson-annotations-0:2.21-1.el9_8.noarch.rpm", "pki-jackson-core-0:2.21.4-1.el9_8.noarch.rpm", "pki-jackson-databind-0:2.21.4-1.el9_8.noarch.rpm", "pki-jackson-jaxrs-json-provider-0:2.21.4-1.el9_8.noarch.rpm", "pki-jackson-jaxrs-providers-0:2.21.4-1.el9_8.noarch.rpm", "pki-jackson-module-jaxb-annotations-0:2.21.4-1.el9_8.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Security updates for critical Jackson libraries on Rocky Linux 9 help mitigate risks of arbitrary code execution. Stay protected!. Jackson Annotations, Security Updates, Important Fixes, Rocky Linux 9, Arbitrary Code Execution. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Important Rocky Linux
217

Oracle Linux 9 ELSA-2026-40751 GIMP Important CVE-2026-58380 CVE-2026-58384

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-40751 http://linux.oracle.com/errata/ELSA-2026-40751.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gimp-3.0.4-4.el9_8.7.x86_64.rpm gimp-libs-3.0.4-4.el9_8.7.i686.rpm gimp-libs-3.0.4-4.el9_8.7.x86_64.rpm aarch64: gimp-3.0.4-4.el9_8.7.aarch64.rpm gimp-libs-3.0.4-4.el9_8.7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/gimp-3.0.4-4.el9_8.7.src.rpm Related CVEs: CVE-2026-58380 CVE-2026-58384 Description of changes: [2:3.0.4-4.6] - fix CVE-2026-58384 - Resolves: RHEL-192536 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated GIMP packages address important security issues in Oracle Linux 9. Immediate action required to mitigate risks.. Oracle Linux 9 GIMP Update Security Important. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Important Oracle
202

openSUSE Tomcat Moderate Security Concern - Advisory 2026-21327-1

An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.. openSUSE security update: security update for tomcat ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21327-1 Rating: moderate References: * bsc#1269791 * bsc#1269824 * bsc#1269907 * bsc#1269908 * bsc#1269909 * bsc#1269910 Cross-References: * CVE-2026-50229 * CVE-2026-53404 * CVE-2026-53434 * CVE-2026-55276 * CVE-2026-55955 * CVE-2026-55956 CVSS scores: * CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed. Description: This update for tomcat fixes the following issues Update to Tomcat 9.0.119. Security issues fixed: - CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791). - CVE-2026-53404: always-incorrect control flowimplementation in the rewrite valve caused non-OR conditions to be skipped if the first condition in an OR chain matched (bsc#1269910). - CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824). - CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints to not be included when the effective web.xml was logged (bsc#1269909). - CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster component (bsc#1269908). - CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint (bsc#1269907). Other updates and bugfixes: - Tomcat 9.0.119: * Catalina + Add: Add support for literal '%' characters in access log output. Based on pull request #1002 by Fabian Hahn. (markt) + Fix: Prevent duplicate log messages when clustering JARs are not present on startup. (csutherl) + Code: Remove unnecessary code from the SSI processing engine that was duplicating some of the normalisation checks. (markt) + Fix: Cleaner handling of invalid SPNEGO tokens. (remm) + Fix: Avoid some NPEs in the Connector class on an uninitialize protocol. (remm) + Fix: Incorrect session average life calculation. (remm) + Fix: Improve robustness on using Pipeline.setBasic on a running pipeline. (remm) + Fix: Avoid any init parameter updates when conflicts are found for filters, similar to what is done for servlets, as required by the servlet specification. (remm) + Fix: Fix container event cleanups in some edge cases. (remm) + Fix: Check for last-modified header in ExpiresFilter when a servlet uses addDateHeader to avoid wrongly considering it has been set. (remm) + Fix: Fix hour unit used by ExpiresFilter. (remm) + Fix: Remove exception swallowing in DataSourceStore to align itwith FileStore and avoid session loss on errors. (remm) + Fix: Add support for single-quote escaped literal as well as quoted literals in DateFormatCache. (schultz) + Fix: On JAAS logout, clear out role principals on the subject that were added on commit, as recommended by the JAAS specification. (remm) + Fix: MemoryRealm should not add a dummy role when none is specified in the configuration. (remm) + Fix: DataSourceUserDatabase should return a null principal on a non existing user. (remm) + Fix: Fix shared lock expiration in WebDAV. (remm) + Fix: Inaccurate session exipration statistics when using the persistent manager. (remm) + Fix: Skip BOM when serving files with UTF-32 encoding. (remm) + Fix: Mixup of WrapperListener and WrapperLifecycle elements in storeconfig. (remm) + Fix: Incorrect processing of modified users in DataSourceUserDatabase. (remm) + Update: Clarify behavior in the UserDatabase for user, role and group creation that it does not immediately override existing elements. Removal (or update) needs to be used instead. (remm) + Fix: 70049: Align the web application class loader with parent class loaders and swallow any errors caused by invalid paths when looking up resources and behave as if the resources were not found in that case. (markt) + Fix: Improve validation of Range and Content-Range parsers so invalid ranges trigger a 4xx response rather than a 500 response. Pull request #1012 provided by Sahana Surendra Bogar. (markt) + Fix: Fix connection leak in ProxyErrorReportValve. (remm) + Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off rather than true or false to align with httpd. (markt) + Fix: Reset the encoding used for query string parameters between requests in case an application changed the encoding in a previous request. (markt) + Fix: When encoding URLs with the CsrfPreventionFilter, don't add thenonce to URLs that are known not to require it. (markt) + Fix: Fix CombinedRealm isAvailable, it allows authentication if at least one sub realm is available. (remm) + Fix: 70048: Correctly handle asynchronous requests in PersistentValve. (markt) + Fix: Improve the detection of cross-context dispatches when using a RequestDispatcher. (markt) + Fix: Fix various instances of double decoding of URL patterns configured either programmatically or in web.xml. (remm/markt) + Fix: Align the rewrite conditions ornext flag processing with mod_rewrite, which follows a purely sequential evaluation strategy. (remm) + Fix: Change the default for the useRedirect attribute of the ProxyErrorReportValve from true to false. (markt) + Add: Add support for the showReport attribute in JsonErrorReportValve and ProxyErrorReportValve. When set to false, detailed error information (message, description, stack trace) is suppressed from error responses. (dsoumis) + Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar is removed but catalina-ha.jar is present and the Cluster element is enabled in server.xml. Cluster digester rules are now fully conditional on both JARs being available. (dsoumis) + Fix: Fix a potential deadlock when copying resources using WebDAV. (markt) + Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list of reserved prefixes for SSI variables and request attributes. (markt) + Fix: Missing URL decoding when processing addMapping on a Servlet registration. (remm) + Fix: The Timeout WebDAV header allows comma separated values (according to the examples in the RFC). Use the first acceptable value. (remm) + Fix: Fix various issues when logging the effective web.xml for a web application. Empty sections are no longer logged. Special roles and empty authorisation constraints are included. (markt) + Fix: Expand the write lock forthe save process in the MemoryUserDatabase to avoid concurrency issues with the file save operations. (markt) + Fix: Ensure atomic session persistence in FileStore. Based on pull request #1016 by sahvx655-wq. (markt) + Fix: Do not ignore methods configured on security constraints that map to the default servlet. (markt) * Cluster + Fix: Expand wording and increase visibility of log message when cloud membership is configured without a trust store as all certificates will be trusted in this configuration. (markt) + Fix: Ensure listeners are correctly added and removed when configuring the channel coordinator. (markt) + Fix: Fix some concurrency issues in FragmentationInterceptor. (markt) + Fix: Fix some concurrency issues in OrderInterceptor. (markt) + Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt) + Fix: Fix concurrency issues generating MD5 digests in the CloudMembershipProvider implementations. (markt) + Add: Add replay protection to the EncryptInterceptor. This is a breaking change for the EncryptInterceptor. (markt) * Coyote + Add: Log a suitable warning if an encrypted PEM file is detected using an insecure form for encryption. (markt) + Fix: If TLS groups have been configured, use the configured groups rather than using OpenSSL's default TLS groups when using Tomcat Native with OpenSSL based connectors. (markt) + Fix: For HTTP/2, ensure that any in progress request body reads are cancelled if the container resets the associated stream. This prevents delays waiting for reads to time out when it is known that no more data will be received. (markt) + Fix: Ensure that malformed HTTP/2 messages that should trigger a stream reset do so, rather than triggered a connection close. (markt) + Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm) + Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2, following refactor clean-up of header buffer. (remm) + Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm) + Fix: Fix MessageByte.equals if called on a null MB. (remm) + Fix: Call the delegate key manager in JSSE to retrieve the server key. (remm) + Fix: Avoid overflow scenarios in Asn1Parser. (remm) + Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that allows the consistency check for the scheme provided by the user agent to be bypassed. (markt) + Fix: isTrailerFieldsReady was always returning true. (remm) + Fix: Align OpenSSL/Panama TLS implementation with other implementations and throw an exception if there is an error loading the provided CRL(s). (markt) + Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if @STRENGTH was encountered, ignoring any subsequent expressions. (markt) + Fix: Handle the case where the HTTP/2 payload length is insufficient for the mandatory data required by the flags set in the header. (markt) + Fix: 70102: Correct expected size of ticket keys when calling setSessionTicketKeys with an FFM connector. (markt) + Fix: 69988: Fix post handshake authentication for TLS 1.3. It was broken by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt) + Fix: When processing an OpenSSL cipher specification, fully align the order of the resulting ciphers with the order produced by OpenSSL. (markt) + Add: Add support for Brainpool TLS groups. Patch provided by YStankov. (schultz) + Update: Update both the minimum and recommended version for Tomcat Native 1.x to 1.3.8. (markt) * Jasper + Fix: Fix possible EL argument mismatch when it was set to null. (remm) + Fix: Fix thread safety of TagPluginManager. (remm) + Fix: Correctly use flush on JSP include. (remm) * Web applications + Add: Manager: Add checks to ensure that any uploaded files are uploaded to the expected location.(markt) + Add: Manager: Add checks to ensure that the requested context path for a deployed WAR, directory or descriptor file is valid. (markt) + Add: Documentation: Expand the description of some of the attributes of the CrawlerSessionManagerValve. (markt) + Fix: Documentation: Clearer description and correct documented default for ocspSoftFail. (markt) + Fix: Fix double escaping in the context names for the JSON mode of the manager servlet. (remm) + Fix: Manager: Ensure automatic deployment does not trigger an undeployment during a Manager triggered web application reload. (markt) + Fix: Documentation: Provide better documentation for the scheme and secure attributes of a Connector. (markt) * Websocket + Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm) + Fix: Trigger standard WebSocket error handling if a call to Endpoint.onOpen() fails for a programmatic endpoint. (markt) + Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a programmatic endpoint. Test case provided by uabdur. (markt) + Fix: If a client presents invalid parameters when negotiating a WebSocket extension, decline the negotiation offer that includes the invalid parameters rather than failing the connection. Pull request #1019 provided by sahvx655-wq. (markt) * Other + Fix: Wrong references to jakarta instead of javax. (remm) + Fix: Restore default authenticator to nullafter executing an Ant task. (remm) + Update: Update Commons Daemon to 1.6.1. (markt) + Update: Improvements to French translations. (remm) + Update: Improvements to Japanese translations provided by tak7iji. (markt) + Update: Update Tomcat Native to 1.3.8. (markt) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSELeap 16.0 zypper in -t patch openSUSE-Leap-16.0-1231=1 Package List: - openSUSE Leap 16.0: tomcat-9.0.119-160000.1.1 tomcat-admin-webapps-9.0.119-160000.1.1 tomcat-docs-webapp-9.0.119-160000.1.1 tomcat-el-3_0-api-9.0.119-160000.1.1 tomcat-embed-9.0.119-160000.1.1 tomcat-javadoc-9.0.119-160000.1.1 tomcat-jsp-2_3-api-9.0.119-160000.1.1 tomcat-jsvc-9.0.119-160000.1.1 tomcat-lib-9.0.119-160000.1.1 tomcat-servlet-4_0-api-9.0.119-160000.1.1 tomcat-webapps-9.0.119-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-50229.html * https://www.suse.com/security/cve/CVE-2026-53404.html * https://www.suse.com/security/cve/CVE-2026-53434.html * https://www.suse.com/security/cve/CVE-2026-55276.html * https://www.suse.com/security/cve/CVE-2026-55955.html * https://www.suse.com/security/cve/CVE-2026-55956.html . Security update for openSUSE addresses multiple issues in Tomcat. Install patches to mitigate risks.. openSUSE tomcat update security. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 moderate OpenSUSE
89

Fedora 44 Kernel Significant Resolution for XFS Filesystem 2026-e8e294a7fa

The 7.1.3-101/201 builds contain an important fix for XFS filesystem users.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e8e294a7fa 2026-07-14 18:01:28.598629+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 44 Version : 7.1.3 Release : 201.fc44 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.1.3-101/201 builds contain an important fix for XFS filesystem users. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 14 2026 Justin M. Forbes [7.1.3-1] - xfs: resample the data fork mapping after cycling ILOCK (Darrick J. Wong) - redhat: configs: fedora: Enable Sony IMX471 image sensor (Kate Hsuan) - media: i2c: imx471: Add Sony IMX471 image sensor driver (Kate Hsuan) - platform: int3472: discrete: con_id vana for Sony IMX471 as power enable (Kate Hsuan) - media: ipu-bridge: Add Sony IMX471 for Lenovo X1 Carbon G14 (Kate Hsuan) - media: ipu-bridge: Add DMI information of Lenovo X9 to the image upside-down list (Kate Hsuan) - redhat: move ynltool debuginfo to kernel-tools-debuginfo (Augusto Caringi) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e8e294a7fa' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . An important kernel update for Fedora 44 addresses a critical XFS filesystem issue, enhancing system stability and security.. Fedora Update, XFS Issue, Kernel Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Important Fedora
89

Fedora 43 HPLIP Important Incomplete Fix CVE-2026-14544 Advisory

fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7d23917d90 2026-07-07 01:08:27.509772+00:00 -------------------------------------------------------------------------------- Name : hplip Product : Fedora 43 Version : 3.26.4 Release : 7.fc43 URL : https://developers.hp.com/hp-linux-imaging-and-printing Summary : HP Linux Imaging and Printing Project Description : The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772) -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Zdenek Dohnal - 3.26.4-7 - fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496772 - CVE-2026-14544 HPLIP: Incomplete Fix for CVE-2026-8631 https://bugzilla.redhat.com/show_bug.cgi?id=2496772 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7d23917d90' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Explore the security advisory for Fedora 43 addressing incomplete fixes in HP Linux Imaging and Printing due to CVE-2026-14544.. Fedora 43 HPLIP update security advisory CVE-2026-14544 incomplete fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Important Fedora
89

Fedora perl-Imager Critical Security Fix CVE-2026-13708

1.032 bump- Fix CVE-2026-13708 and CVE-2026-13705. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-adbe03cd7a 2026-07-07 00:48:39.633212+00:00 -------------------------------------------------------------------------------- Name : perl-Imager Product : Fedora 44 Version : 1.032 Release : 1.fc44 URL : https://metacpan.org/release/Imager Summary : Perl extension for Generating 24 bit Images Description : Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more. -------------------------------------------------------------------------------- Update Information: 1.032 bump- Fix CVE-2026-13708 and CVE-2026-13705 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Jitka Plesnikova - 1.032-1 - 1.032 bump (rhbz#2495894) - Fix CVE-2026-13708 and CVE-2026-13705 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495894 - perl-Imager-1.032 is available https://bugzilla.redhat.com/show_bug.cgi?id=2495894 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-adbe03cd7a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora fixes critical Perl-Imager security issues. Install CVE-2026-13708 and CVE-2026-13705 today!. perl imager security update Fedora critical fixes CVE. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Critical Fedora
100

SUSE 16 Kernel Important Live Patch 6 Fixes Denial of Service 2026-22509-1

An update that solves six vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22509-1 Release Date: 2026-06-29T10:33:17Z Rating: important References: * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves six vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.30.1 fixes various security issues The following security issues were fixed: * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1106=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1106=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_9-debugsource-3-160000.1.1 * kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1 * kernel-livepatch-6_12_0-160000_30-default-debuginfo-3-160000.1.1 * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_9-debugsource-3-160000.1.1 * kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1 *kernel-livepatch-6_12_0-160000_30-default-debuginfo-3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . Important update for SUSE Kernel addressing six security issues with fixes available. Stay secure with Live Patch 9!. SUSE Linux Enterprise Security Update Kernel Patches Threats. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Important SuSE
100

SUSE Linux Micro 6.0 Kernel Important Security Update 2026-22475-1

An update that solves five vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:22475-1 Release Date: 2026-06-25T11:39:19Z Rating: important References: * bsc#1261640 * bsc#1263088 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities andhas one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-45.1 fixes various security issues The following security issues were fixed: * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-494=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_22-debugsource-2-1.1 * kernel-livepatch-6_4_0-45-default-debuginfo-2-1.1 * kernel-livepatch-6_4_0-45-default-2-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . Important security update for SUSE Linux Micro 6.0 fixes five issues and enhances system security.. SUSE Linux Micro security update, Kernel patch for SUSE, Important kernel fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200