Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 2,604 articles for you...
172

Ubuntu 26.04 Authlib Important JWT Bypass and CSRF Vulnerities USN-8557-1

Several security issues were fixed in Authlib.. ========================================================================== Ubuntu Security Notice USN-8557-1 July 16, 2026 python-authlib vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Authlib. Software Description: - python-authlib: Python library for building OAuth and OpenID Connect servers Details: Jay Neiva and Mauro Carrillo discovered that Authlib did not properly validate cryptographic keys embedded in JWT headers. An attacker could possibly use this issue to forge trusted tokens, resulting in authentication and authorization bypass. (CVE-2026-27962) Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled RSA1_5 encrypted tokens. An attacker could possibly use this issue to recover sensitive encrypted information, resulting in information disclosure. (CVE-2026-28490) Jay Neiva and Mauro Carrillo discovered that Authlib did not properly reject unsupported cryptographic algorithms when validating OpenID Connect ID tokens. An attacker could possibly use this issue to bypass token integrity checks, resulting in authentication bypass. (CVE-2026-28498) Johnny Deuss discovered that Authlib did not provide cross-site request forgery protection for the OAuth cache feature in its Starlette integration. An attacker could possibly use this issue to perform unauthorized OAuth actions, resulting in cross-site request forgery. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-41425) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS python3-authlib 1.6.7-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 24.04 LTS python3-authlib 1.3.0-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS python3-authlib 0.15.5-1ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8557-1 CVE-2026-27962, CVE-2026-28490, CVE-2026-28498, CVE-2026-41425 . Multiple security flaws in Authlib fixed, affecting several Ubuntu versions. Update recommended for safety against attacks.. python-authlib, ubuntu updates, oauth security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Important Ubuntu
197

Debian 12 Chromium Critical Code Exec Denial of Service Advisory DLA-4687-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For Debian 12 bookworm, these problems have been fixed in version 150.0.7871.124-1~deb12u1.. Debian LTS Advisory DLA-4687-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort July 16, 2026 https://wiki.debian.org/LTS Package : chromium Version : 150.0.7871.124-1~deb12u1 CVE ID : CVE-2026-15764 CVE-2026-15765 CVE-2026-15766 CVE-2026-15767 CVE-2026-15768 CVE-2026-15769 CVE-2026-15770 CVE-2026-15771 CVE-2026-15772 CVE-2026-15773 CVE-2026-15774 CVE-2026-15775 CVE-2026-15776 CVE-2026-15777 CVE-2026-15778 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For Debian 12 bookworm, these problems have been fixed in version 150.0.7871.124-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A critical security update for Debian 12 bookworm addresses severe vulnerabilities in Chromium related to code execution and information exposure.. Debian Chromium Security Update, Code Execution Vulnerabilities, Denial of Service Issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Critical Debian LTS
87

Debian Chromium Critical Denial of Service Info Disclosure DSA-6390-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 150.0.7871.124-1~deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6390-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Andres Salomon July 16, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2026-15764 CVE-2026-15765 CVE-2026-15766 CVE-2026-15767 CVE-2026-15768 CVE-2026-15769 CVE-2026-15770 CVE-2026-15771 CVE-2026-15772 CVE-2026-15773 CVE-2026-15774 CVE-2026-15775 CVE-2026-15776 CVE-2026-15777 CVE-2026-15778 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 150.0.7871.124-1~deb13u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical security issues in Debian's Chromium package allow arbitrary code execution, DoS, or information leaks. Fixes available now.. Debian Security, Chromium Update, Critical Security Fix, Arbitrary Code Execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Critical Debian
219

Rocky Linux 8 Node.js Important Security Advisory RLSA-2026-39868

Important: nodejs:24 security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39868", "synopsis": "Important: nodejs:24 security, bug fix, and enhancement update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification(CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:24/nodejs: Rebase to the latest Node.js 24 release [rhel-8] (JIRA:Rocky Linux-168744)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2476810", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810", "description": ""}, {"ticket": "2489980", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980", "description": ""}, {"ticket": "2490000", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000", "description": ""}, {"ticket": "2490006", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006", "description": ""}, {"ticket": "2490008", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008", "description": ""}, {"ticket": "2490018", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018", "description": ""}, {"ticket": "2490024", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024", "description": ""}, {"ticket": "2493325", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325", "description": ""}, {"ticket": "2493326", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326", "description": ""}, {"ticket": "2493329", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2493329", "description": ""}, {"ticket": "2493331", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331", "description": ""}, {"ticket": "2493332", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332", "description": ""}, {"ticket": "2493333", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333", "description": ""}, {"ticket": "2493335", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335", "description": ""}, {"ticket": "2493337", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337", "description": ""}], "cves": [{"name": "CVE-2026-11525", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11525", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-1286"}, {"name": "CVE-2026-12151", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12151", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-42338", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42338", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cvss3BaseScore": "8.1", "cwe": "CWE-79"}, {"name": "CVE-2026-48615", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48615", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-209"}, {"name": "CVE-2026-48618", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48618", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss3BaseScore": "7.7", "cwe": "CWE-289"}, {"name": "CVE-2026-48619", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48619", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-770"}, {"name": "CVE-2026-48928", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48928", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "cvss3BaseScore": "4.2", "cwe": "CWE-289"}, {"name": "CVE-2026-48930", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48930", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "cvss3BaseScore": "5.6", "cwe": "CWE-170"}, {"name": "CVE-2026-48933", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48933", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-48934", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48934", "cvss3ScoringVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-295"}, {"name": "CVE-2026-48935", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48935", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.3", "cwe": "CWE-279"}, {"name": "CVE-2026-6733", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6733", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-940"}, {"name": "CVE-2026-6734", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6734", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-940"}, {"name": "CVE-2026-9678", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9678", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-1286"}, {"name": "CVE-2026-9697", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9697", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.4", "cwe": "CWE-295"}], "references": [], "publishedAt": "2026-07-16T00:01:09.519027Z", "rpms": {"Rocky Linux 8": {"nvras": ["nodejs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.src.rpm", "nodejs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-debugsource-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-debugsource-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-devel-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-devel-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-docs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.noarch.rpm", "nodejs-full-i18n-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-full-i18n-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-libs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-libs-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-libs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "nodejs-libs-debuginfo-1:24.18.0-1.module+el8.10.0+40252+a58646bc.x86_64.rpm", "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+2084+ab509703.noarch.rpm", "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+2084+ab509703.src.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40172+38f6fdd1.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40171+8fa9c325.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40171+8fa9c325.src.rpm","nodejs-packaging-0:2021.06-6.module+el8.10.0+40172+38f6fdd1.src.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.src.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40171+8fa9c325.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40172+38f6fdd1.noarch.rpm", "npm-1:11.16.0-1.24.18.0.1.module+el8.10.0+40252+a58646bc.noarch.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el8.10.0+40252+a58646bc.aarch64.rpm", "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el8.10.0+40252+a58646bc.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical security updates for nodejs on Rocky Linux 8 resolve multiple issues including Denial of Service and XSS vulnerabilities. Prompt action recommended.. Rocky Linux nodejs security update, security advisories nodejs, nodejs vulnerabilities details, Rockylinux security fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Important Rocky Linux
219

Rocky Linux 10 EDK2 Moderate Security Issues RLSA-2026-39297

Moderate: edk2 security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39297", "synopsis": "Moderate: edk2 security, bug fix, and enhancement update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for edk2.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\n* openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)\n\nBug Fix(es) and Enhancement(s):\n\n* edk2/x64: re-enable legacy kernel loader [rhel-10.2.z] (JIRA:Rocky Linux-182421)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2456314", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314", "description": ""}, {"ticket": "2451094", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094", "description": ""}], "cves": [{"name": "CVE-2026-28390", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28390", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-476"}, {"name": "CVE-2026-31790", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31790", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-824"}],"references": [], "publishedAt": "2026-07-15T12:06:01.640959Z", "rpms": {"Rocky Linux 10": {"nvras": ["edk2-debugsource-0:20251114-5.el10_2.2.aarch64.rpm", "edk2-tools-0:20251114-5.el10_2.2.aarch64.rpm", "edk2-debugsource-0:20251114-5.el10_2.2.x86_64.rpm", "edk2-tools-debuginfo-0:20251114-5.el10_2.2.aarch64.rpm", "edk2-aarch64-0:20251114-5.el10_2.2.noarch.rpm", "edk2-ovmf-0:20251114-5.el10_2.2.noarch.rpm", "edk2-tools-doc-0:20251114-5.el10_2.2.noarch.rpm", "edk2-tools-debuginfo-0:20251114-5.el10_2.2.x86_64.rpm", "edk2-tools-0:20251114-5.el10_2.2.x86_64.rpm", "edk2-0:20251114-5.el10_2.2.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Security updates for Rocky Linux 10 include moderate fixes for EDK2 addressing denial of service and information leakage issues.. Rocky Linux, edk2 security, moderate severity, Linux updates. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 moderate Rocky Linux
202

openSUSE Grafana Moderate Information Disclosure Fix 2026-21351-1

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for grafana ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21351-1 Rating: moderate References: * bsc#1262187 * bsc#1263272 Cross-References: * CVE-2025-12141 * CVE-2026-21725 * CVE-2026-41607 CVSS scores: * CVE-2025-12141 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-12141 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-21725 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2026-21725 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-41607 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-41607 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for grafana fixes the following issues: Changes in grafana: - Add UI web assets as additional source tarball - Update to version 12.4.5 (jsc#PED-16512): * Datasources: return 400 when payload UID does not match URL UID in PUT /api/datasources/uid/:uid - Update to version 12.4.4: * Security and quality updates. * Various bug fixes and enhancements. - Update to version 12.4.3: * Analytics: Keep internal dashboard id. * Go: Update to 1.25.9. * Reporting: Correctly apply appSubURL to report settings requests. * Alerting: Document Grafana HA Alertmanager cluster metrics prefix change. - Update to version 12.4.2: * Various bug fixes and performance improvements. * Dependency updates to core plugins and UI libraries. - Update to version 12.4.1: * Bug fixes and minor quality-of-life enhancements. * Updates to data sourceprovisioning and dashboard schemas. - Update to version 12.4.0: * Introduced dynamic dashboards in public preview. * Added a new side toolbar that replaces the second top toolbar to provide additional vertical space. * Added the ability to create dashboards from templates using sample data. * Revamped the gauge visualization with rounded bars, configurable bar thickness, and endpoint markers. * Added support to map one variable to multiple values. * CVE-2025-12141: Fixed information leakage in Grafana Alerting (bsc#1262187) - Update to version 12.3.0: * Released a completely redesigned logs visualization. * Added the ability to export dashboards directly as PNG images. * Introduced an interactive learning experience within the Grafana UI. * Added a Switch template variable type to quickly toggle between values in queries. * Added functionality to style table cells using CSS properties via the field cell option. - Update to version 12.2.0: * Routine feature enhancements, minor bug fixes, and security patches. - Update to version 12.1.0: * Added support for Entra Workload Identity to enhance authentication capabilities with federated credentials. * Redesigned the alert rule list page. * Renamed Mute Timings to Active Time Intervals in Grafana Alerting. * Added support for Service Account Impersonation in the BigQuery data source. * Introduced the Grafana Advisor in public preview. - Update to version 12.0.0: * BREAKING: Removed AngularJS and all deprecated UI Extensions APIs. * BREAKING: Enforced stricter version compatibility checks in plugin CLI install commands. * BREAKING: Enabled the failWrongDSUID feature flag by default, which rejects data sources with incorrect UIDs. * MIGRATION: Triggered a full-table rewrite for the annotation table, which may temporarily increase disk usage. * Introduced a new dashboard schema to replace the original single grid layout. - CVE-2026-41607: Fix potentialinformation disclosure in Apache Thrift (bsc#1263272) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-416=1 Package List: - openSUSE Leap 16.0: grafana-12.4.5-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2025-12141.html * https://www.suse.com/security/cve/CVE-2026-21725.html * https://www.suse.com/security/cve/CVE-2026-41607.html . An important security update for Grafana on openSUSE fixes several issues and vulnerabilities to enhance system protection.. opensuse grafana security update CVE information disclosure. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 moderate OpenSUSE
89

Fedora 44 FreeRDP Important DoS Information Disclosure Fix 2026-931f893f1b

Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-931f893f1b 2026-07-15 01:03:58.675206+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 44 Version : 3.28.0 Release : 1.fc44 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Ondrej Holy - 2:3.28.0-1 - Update to 3.28.0 (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158) Resolves: rhbz#2497324 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2499199 - CVE-2026-57158 freerdp: FreeRDP: Information disclosure via truncated RDPGFX planar payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499199 [ 2 ] Bug #2499200 - CVE-2026-57157 freerdp: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499200 [ 3 ] Bug #2499226 - CVE-2026-57156 freerdp: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499226 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2026-931f893f1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This Fedora advisory details important fixes for Freerdp addressing critical issues including information disclosure and code execution.. Freerdp Security Fix, Fedora Update, Remote Desktop Protocol Bug. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Important Fedora
197

Debian LTS wolfssl Critical Denial of Service Auth Bypass Alert 2026-5194

Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194. Debian LTS Advisory DLA-4683-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta July 15, 2026 https://wiki.debian.org/LTS Package : wolfssl Version : 5.5.4-2+deb12u3 CVE ID : CVE-2026-5194 CVE-2026-6092 CVE-2026-6094 CVE-2026-6325 CVE-2026-6329 CVE-2026-6331 CVE-2026-6450 CVE-2026-6678 CVE-2026-6681 CVE-2026-6731 CVE-2026-7511 CVE-2026-55961 CVE-2026-55962 CVE-2026-55967 Multiple vulnerabilities were discovered in wolfSSL, a lightweight, portable, C-language-based SSL/TLS library, which could result in signature forgery, authentication bypass, information disclosure, or denial of service. CVE-2026-5194 Missing hash/digest size and OID checks allowed digests smaller than appropriate for the relevant key type to be accepted during ECDSA certificate signature verification, weakening ECDSA certificate-based authentication when EdDSA or ML-DSA support was also enabled. CVE-2026-6092 When configured with HAVE_ENCRYPT_THEN_MAC, the TLS resumption path could fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC. CVE-2026-6094 A heap buffer over-read in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS#7 EnvelopedData could be triggered by attacker-supplied data delivered via S/MIME or CMS. CVE-2026-6325 An out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list allowed a write past the bounds of the destination buffer. CVE-2026-6329 PKCS#12 MAC verification compared the computed HMAC against the stored MAC using an attacker-controlled length, allowing a truncated or zero-length MACto be accepted and defeating the integrity protection of the MAC. CVE-2026-6331 An HMAC zero-length tag forgery in EVP_DigestVerifyFinal allowed a truncated or empty tag to be accepted as a valid signature, because the supplied length was only checked not to exceed the MAC length. CVE-2026-6450 A CRL critical extension bypass in ParseCRL_Extensions allowed a crafted CRL carrying an unhandled critical extension to be accepted. This only affects builds with CRL support enabled. CVE-2026-6678 An integer underflow in wc_PKCS7_DecryptOri when handling crafted OtherRecipientInfo led to incorrect length handling during decryption. CVE-2026-6681 The PKCS#7 decode path ignored the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. CVE-2026-6731 An X.509 name constraint bypass allowed a certificate whose Subject Common Name violated an issuing CA's DNS name constraints to be accepted when the CN was treated as a DNS-type name. CVE-2026-7511 A PKCS7_verify signer confusion issue meant the signer associated with a signature was not correctly bound, permitting a forged signature to be accepted. CVE-2026-55961 wolfSSL_PKCS7_verify() returned success for a degenerate (certs-only) PKCS#7 object containing no signer, so a bundle carrying no valid signature could be reported as verified. This only affects OpenSSL compatibility builds. CVE-2026-55962 A TLS 1.3 post-handshake authentication issue allowed a server to accept a client's Finished message without the client having sent a Certificate and CertificateVerify. This only affects TLS 1.3 servers configured with and actively using post-handshake authentication. CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (> 64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse andconsequent plaintext recovery. For Debian 12 bookworm, these problems have been fixed in version 5.5.4-2+deb12u3. We recommend that you upgrade your wolfssl packages. For the detailed security status of wolfssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wolfssl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in wolfSSL could lead to serious security risks, including authentication bypass and denial of service.. wolfSSL vulnerabilities, Debian security updates, SSL/TLS library fixes, lightweight security solutions. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200