Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 8 articles for you...
89

Fedora 43 python-urllib3 Version 2.7.0 Security Fix FEDORA-2026-6dde06a6e9

Update to 2.7.0 (rhbz#2467787). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6dde06a6e9 2026-05-31 01:13:21.121542+00:00 -------------------------------------------------------------------------------- Name : python-urllib3 Product : Fedora 43 Version : 2.7.0 Release : 2.fc43 URL : https://github.com/urllib3/urllib3 Summary : HTTP library with thread-safe connection pooling, file post, and more Description : urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: \u2022 Thread safety. \u2022 Connection pooling. \u2022 Client-side SSL/TLS verification. \u2022 File uploads with multipart encoding. \u2022 Helpers for retrying requests and dealing with HTTP redirects. \u2022 Support for gzip, deflate, brotli, and zstd encoding. \u2022 Proxy support for HTTP and SOCKS. \u2022 100% test coverage. -------------------------------------------------------------------------------- Update Information: Update to 2.7.0 (rhbz#2467787) -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2026 Lumir Balhar - 2.7.0-2 - Remove lower bounds for trustme * Tue May 12 2026 Lumir Balhar - 2.7.0-1 - Update to 2.7.0 (rhbz#2467787) * Wed Apr 8 2026 Miro Hron\u010dok - 2.6.3-3 - Allow building with setuptools-scm 10+ * Sat Jan 17 2026 Fedora Release Engineering - 2.6.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467787 - python-urllib3-2.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2467787 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6dde06a6e9' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update available for Fedora 43 python-urllib3 to version 2.7.0. Includes enhancements and critical features.. Fedora 43 Update, Python urllib3 2.7.0, Security Fix, HTTP Client Update. . Severity: Informational. LinuxSecurity.com Team

Calendar%202 May 31, 2026 Informational Fedora
100

SUSE Linux Python3 Important Command Injection Fix Advisory 2026-1937-1

An update that solves five vulnerabilities can now be installed.. # Security update for python3 Announcement ID: SUSE-SU-2026:1937-1 Release Date: 2026-05-18T07:42:02Z Rating: important References: * bsc#1261969 * bsc#1261970 * bsc#1262098 * bsc#1262319 * bsc#1262654 Cross-References: * CVE-2026-1502 * CVE-2026-3446 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for python3 fixes the following issue: * CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). * CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). * CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). * CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). * CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure(bsc#1262098). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1937=1 * SUSE Linux Enterprise Server 12 SP5 LTSS ExtendedSecurity zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1937=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python3-devel-3.4.10-25.185.1 * python3-base-3.4.10-25.185.1 * python3-tk-debuginfo-3.4.10-25.185.1 * python3-3.4.10-25.185.1 * python3-curses-3.4.10-25.185.1 * python3-curses-debuginfo-3.4.10-25.185.1 * python3-debuginfo-3.4.10-25.185.1 * python3-tk-3.4.10-25.185.1 * libpython3_4m1_0-3.4.10-25.185.1 * python3-debugsource-3.4.10-25.185.1 * python3-base-debugsource-3.4.10-25.185.1 * libpython3_4m1_0-debuginfo-3.4.10-25.185.1 * python3-base-debuginfo-3.4.10-25.185.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.185.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.185.1 * libpython3_4m1_0-32bit-3.4.10-25.185.1 * python3-base-debuginfo-32bit-3.4.10-25.185.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpython3_4m1_0-32bit-3.4.10-25.185.1 * python3-devel-3.4.10-25.185.1 * python3-base-3.4.10-25.185.1 * python3-tk-debuginfo-3.4.10-25.185.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.185.1 * python3-3.4.10-25.185.1 * python3-curses-3.4.10-25.185.1 * python3-curses-debuginfo-3.4.10-25.185.1 * python3-debuginfo-3.4.10-25.185.1 * libpython3_4m1_0-3.4.10-25.185.1 * python3-base-debuginfo-32bit-3.4.10-25.185.1 * python3-tk-3.4.10-25.185.1 * python3-devel-debuginfo-3.4.10-25.185.1 * python3-debugsource-3.4.10-25.185.1 * python3-base-debugsource-3.4.10-25.185.1 * libpython3_4m1_0-debuginfo-3.4.10-25.185.1 * python3-base-debuginfo-3.4.10-25.185.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-3446.html * https://www.suse.com/security/cve/CVE-2026-4786.html *https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html * https://bugzilla.suse.com/show_bug.cgi?id=1261969 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 * https://bugzilla.suse.com/show_bug.cgi?id=1262098 * https://bugzilla.suse.com/show_bug.cgi?id=1262319 * https://bugzilla.suse.com/show_bug.cgi?id=1262654 . SUSE updates python3 with fixes for five important issues. Ensure your system is patched to safeguard against risks.. SUSE python3 security update important vulnerabilities patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 18, 2026 Important SuSE
219

Rocky Linux 9 RLSA-2026-14568 Libxml5 Low Risk Update CVE-2026-6124

Moderate: libsoup security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13978", "synopsis": "Moderate: libsoup security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for libsoup.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2452932", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452932", "description": ""}], "cves": [{"name": "CVE-2026-5119", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5119", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-319"}], "references": [], "publishedAt": "2026-05-07T12:03:39.445016Z", "rpms": {"Rocky Linux 9": {"nvras": ["libsoup-0:2.72.0-12.el9_7.6.aarch64.rpm", "libsoup-0:2.72.0-12.el9_7.6.i686.rpm", "libsoup-0:2.72.0-12.el9_7.6.ppc64le.rpm", "libsoup-0:2.72.0-12.el9_7.6.s390x.rpm", "libsoup-0:2.72.0-12.el9_7.6.src.rpm", "libsoup-0:2.72.0-12.el9_7.6.x86_64.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.6.aarch64.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.6.i686.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.6.ppc64le.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.6.s390x.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.6.x86_64.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.6.aarch64.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.6.i686.rpm","libsoup-debugsource-0:2.72.0-12.el9_7.6.ppc64le.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.6.s390x.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.6.x86_64.rpm", "libsoup-devel-0:2.72.0-12.el9_7.6.aarch64.rpm", "libsoup-devel-0:2.72.0-12.el9_7.6.i686.rpm", "libsoup-devel-0:2.72.0-12.el9_7.6.ppc64le.rpm", "libsoup-devel-0:2.72.0-12.el9_7.6.s390x.rpm", "libsoup-devel-0:2.72.0-12.el9_7.6.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Discover the latest libsoup security update for Rocky Linux, addressing information disclosure risks linked to cookies.. Rocky Linux Security, libsoup Update, Information Disclosure, HTTP Client Security, Security Patches. . LinuxSecurity.com Team

Calendar%202 May 07, 2026 Rocky Linux
89

Fedora 44 rust-reqsign-http-send-reqwest Update Advisory 2026-b8b59dcf44

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8b59dcf44 2026-03-28 00:15:26.019955+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-http-send-reqwest Product : Fedora 44 Version : 4.0.0 Release : 1.fc44 URL : https://crates.io/crates/reqsign-http-send-reqwest Summary : Reqwest-based HTTP client implementation for reqsign Description : Reqwest-based HTTP client implementation for reqsign. -------------------------------------------------------------------------------- Update Information: Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included some breaking changes to TLS certificate verification. This update also includes updates for several of uv\u2019s Rust library dependencies. Update rust-openssl-probe to 0.2.1, including breaking changes introduced in 0.2.0, and introduce a new rust-openssl-probe0.1 compat package. Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2. Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option, added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added support for ALPN on the server side.Version 0.2.18 fixed min/max protocol selection fallback for very old OpenSSL versions. Add an initial package for rust-webpki-root-certs. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Benjamin A. Beasley - 4.0.0-1 - Update to version 4.0.0; Fixes RHBZ#2432772 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425802 [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425819 [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432768 [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432769 [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432770 [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432771 [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432772 [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432773 [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432774 [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432775 [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432776 [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432777 [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432779 [ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2436289 [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437941 [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437942 [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437976 [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439752 [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450541 [ 20 ] Bug #2450582 - uv-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450582 [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format https://bugzilla.redhat.com/show_bug.cgi?id=2451103 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update required for rust-reqsign-http-send-reqwest due to potential certificate rejection after networking stack changes.. HTTP Client Update, Fedora Security Advisory, Certificate Management. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 28, 2026 Important Fedora
89

Fedora 43 python-aiohttp Important Security Advisory FEDORA-2026-66cb8ecfc2

https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-66cb8ecfc2 2026-02-14 01:08:36.223045+00:00 -------------------------------------------------------------------------------- Name : python-aiohttp Product : Fedora 43 Version : 3.13.3 Release : 4.fc43 URL : https://github.com/aio-libs/aiohttp Summary : Python HTTP client/server for asyncio Description : Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing. -------------------------------------------------------------------------------- Update Information: https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 3 2026 Benjamin A. Beasley - 3.13.3-4 - Skip test_send_compress_text_notakeover on s390x for now - Close RHBZ#2434949 * Tue Feb 3 2026 Benjamin A. Beasley - 3.13.3-3 - Revert "Drop s390xx for isal" * Tue Feb 3 2026 Nicolas Chauvet - 3.13.3-2 - Drop s390xx for isal * Tue Feb 3 2026 Nicolas Chauvet - 3.13.3-1 - Update to 3.13.3 * Sat Jan 17 2026 Fedora Release Engineering - 3.13.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 17 2025 Benjamin A. Beasley - 3.13.1-1 - Update to 3.13.1 * Thu Oct 16 2025 Benjamin A. Beasley - 3.13.0-1 - Update to 3.13.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2434949 - python-aiohttp: FTBFS in Fedora rawhide/f44 https://bugzilla.redhat.com/show_bug.cgi?id=2434949 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2026-66cb8ecfc2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . An important security advisory addressing issues in Fedora 43's python-aiohttp, ensuring safe web interactions.. python aiohttp update, Fedora security advisory, HTTP client issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 14, 2026 Important Fedora
219

Rocky Linux RLSA-2026-0422 Libsoup Critical Repeated Host Header

Important: libsoup security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:0422", "synopsis": "Important: libsoup security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libsoup.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) (CVE-2025-14523)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2421349", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2421349", "description": ""}], "cves": [{"name": "CVE-2025-14523", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-14523", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-444"}], "references": [], "publishedAt": "2026-01-15T09:13:58.593947Z", "rpms": {"Rocky Linux 9": {"nvras": ["libsoup-0:2.72.0-12.el9_7.3.aarch64.rpm", "libsoup-0:2.72.0-12.el9_7.3.i686.rpm", "libsoup-0:2.72.0-12.el9_7.3.ppc64le.rpm", "libsoup-0:2.72.0-12.el9_7.3.s390x.rpm", "libsoup-0:2.72.0-12.el9_7.3.src.rpm", "libsoup-0:2.72.0-12.el9_7.3.x86_64.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.3.aarch64.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.3.i686.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.3.ppc64le.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.3.s390x.rpm", "libsoup-debuginfo-0:2.72.0-12.el9_7.3.x86_64.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.3.aarch64.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.3.i686.rpm","libsoup-debugsource-0:2.72.0-12.el9_7.3.ppc64le.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.3.s390x.rpm", "libsoup-debugsource-0:2.72.0-12.el9_7.3.x86_64.rpm", "libsoup-devel-0:2.72.0-12.el9_7.3.aarch64.rpm", "libsoup-devel-0:2.72.0-12.el9_7.3.i686.rpm", "libsoup-devel-0:2.72.0-12.el9_7.3.ppc64le.rpm", "libsoup-devel-0:2.72.0-12.el9_7.3.s390x.rpm", "libsoup-devel-0:2.72.0-12.el9_7.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important libsoup security update addresses a critical issue related to host header discrepancies on Rocky Linux.. libsoup security update, Rocky Linux security, important libsoup patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 15, 2026 Important Rocky Linux
219

Rocky Linux 9: libsoup Important HTTP Security Fix RLSA-2025:19713

Important: libsoup security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:19713", "synopsis": "Important: libsoup security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libsoup.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)\n\n* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2367175", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2367175", "description": ""}, {"ticket": "2399627", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2399627", "description": ""}], "cves": [{"name": "CVE-2025-11021", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-11021", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "7.5", "cwe": "CWE-125"}, {"name": "CVE-2025-4945", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-4945", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-190"}], "references": [], "publishedAt": "2025-11-06T09:06:00.631395Z", "rpms": {"Rocky Linux 9": {"nvras": ["libsoup-0:2.72.0-10.el9_6.3.aarch64.rpm", "libsoup-0:2.72.0-10.el9_6.3.i686.rpm", "libsoup-0:2.72.0-10.el9_6.3.ppc64le.rpm", "libsoup-0:2.72.0-10.el9_6.3.s390x.rpm", "libsoup-0:2.72.0-10.el9_6.3.src.rpm","libsoup-0:2.72.0-10.el9_6.3.x86_64.rpm", "libsoup-debuginfo-0:2.72.0-10.el9_6.3.aarch64.rpm", "libsoup-debuginfo-0:2.72.0-10.el9_6.3.ppc64le.rpm", "libsoup-debuginfo-0:2.72.0-10.el9_6.3.s390x.rpm", "libsoup-debuginfo-0:2.72.0-10.el9_6.3.x86_64.rpm", "libsoup-debugsource-0:2.72.0-10.el9_6.3.aarch64.rpm", "libsoup-debugsource-0:2.72.0-10.el9_6.3.ppc64le.rpm", "libsoup-debugsource-0:2.72.0-10.el9_6.3.s390x.rpm", "libsoup-debugsource-0:2.72.0-10.el9_6.3.x86_64.rpm", "libsoup-devel-0:2.72.0-10.el9_6.3.aarch64.rpm", "libsoup-devel-0:2.72.0-10.el9_6.3.i686.rpm", "libsoup-devel-0:2.72.0-10.el9_6.3.ppc64le.rpm", "libsoup-devel-0:2.72.0-10.el9_6.3.s390x.rpm", "libsoup-devel-0:2.72.0-10.el9_6.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for libsoup in Rocky Linux addresses critical fixes impacting HTTP functions.. libsoup security update, Rocky Linux 9, HTTP library update, important security fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 06, 2025 Important Rocky Linux
89

Fedora 41: rust-reqsign-http-send-reqwest Critical Fix CVE-2025-62518

uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-43a0bff5ea 2025-11-03 01:00:54.501352+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-http-send-reqwest Product : Fedora 41 Version : 2.0.0 Release : 1.fc41 URL : https://crates.io/crates/reqsign-http-send-reqwest Summary : Reqwest-based HTTP client implementation for reqsign Description : Reqwest-based HTTP client implementation for reqsign. -------------------------------------------------------------------------------- Update Information: uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv. Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1. Patch openapi-python-client to allow ruff 0.14 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2025 Benjamin A. Beasley - 2.0.0-1 - Update to version 2.0.0; Fixes RHBZ#2402443 * Thu Oct 2 2025 Benjamin A. Beasley - 1.0.0-1 - Initial package (close RHBZ#2400100) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405471 [ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405472 [ 9 ] Bug #2406135 - ruff-0.14.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2406135 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 41 update for rust-reqsign-http-send-reqwest addresses CVE-2025-62518 with critical security fix.. Fedora 41, rust-reqsign-http-send-reqwest, CVE-2025-62518. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 03, 2025 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200