Explore top 10 tips to secure your open-source projects now. Read More
×libslirp could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-8550-1 July 15, 2026 libslirp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: libslirp could be made to expose sensitive information over the network. Software Description: - libslirp: General purpose TCP-IP emulator library Details: It was discovered that libslirp incorrectly handled TCP urgent data. A privileged attacker inside a guest VM could possibly use this issue to obtain sensitive information from the host process memory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libslirp0 4.9.1-1ubuntu1.1 Ubuntu 24.04 LTS libslirp0 4.7.0-1ubuntu3.1 Ubuntu 22.04 LTS libslirp0 4.6.1-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8550-1 CVE-2026-9539 Package Information: https://launchpad.net/ubuntu/+source/libslirp/4.9.1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/libslirp/4.7.0-1ubuntu3.1 https://launchpad.net/ubuntu/+source/libslirp/4.6.1-1ubuntu0.2 . libslirp update for Ubuntu addresses critical confidentiality risk due to information exposure over the network.. Ubuntu libslirp security patch, network information exposure, Ubuntu advisory 8550-1, VM attack prevention, TCP-IP emulator security. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in Dnsmasq.. ========================================================================== Ubuntu Security Notice USN-8542-1 July 14, 2026 dnsmasq vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Dnsmasq. Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or DNSKEY. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-12725) It was discovered that Dnsmasq incorrectly validated the length of fixed-length DNS record fields when parsing NS section records. A remote attacker could possibly use this issue to cause Dnsmasq to read out of bounds, possibly exposing sensitive information. (CVE-2026-12969) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS dnsmasq 2.92-1ubuntu0.4 dnsmasq-base 2.92-1ubuntu0.4 dnsmasq-base-lua 2.92-1ubuntu0.4 dnsmasq-utils 2.92-1ubuntu0.4 Ubuntu 24.04 LTS dnsmasq 2.90-2ubuntu0.4 dnsmasq-base 2.90-2ubuntu0.4 dnsmasq-base-lua 2.90-2ubuntu0.4 dnsmasq-utils 2.90-2ubuntu0.4 Ubuntu 22.04 LTS dnsmasq 2.90-0ubuntu0.22.04.4 dnsmasq-base 2.90-0ubuntu0.22.04.4 dnsmasq-base-lua 2.90-0ubuntu0.22.04.4 dnsmasq-utils 2.90-0ubuntu0.22.04.4 Ubuntu 20.04 LTS dnsmasq 2.90-0ubuntu0.20.04.1+esm3 Available with Ubuntu Pro dnsmasq-base 2.90-0ubuntu0.20.04.1+esm3 Available with Ubuntu Pro dnsmasq-base-lua 2.90-0ubuntu0.20.04.1+esm3 Available with Ubuntu Pro dnsmasq-utils 2.90-0ubuntu0.20.04.1+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS dnsmasq 2.90-0ubuntu0.18.04.1+esm4 Available with Ubuntu Pro dnsmasq-base 2.90-0ubuntu0.18.04.1+esm4 Available with Ubuntu Pro dnsmasq-base-lua 2.90-0ubuntu0.18.04.1+esm4 Available with Ubuntu Pro dnsmasq-utils 2.90-0ubuntu0.18.04.1+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS dnsmasq 2.90-0ubuntu0.16.04.1+esm4 Available with Ubuntu Pro dnsmasq-base 2.90-0ubuntu0.16.04.1+esm4 Available with Ubuntu Pro dnsmasq-base-lua 2.90-0ubuntu0.16.04.1+esm4 Available with Ubuntu Pro dnsmasq-utils 2.90-0ubuntu0.16.04.1+esm4 Available with Ubuntu Pro After a standard system update you need to restart dnsmasq to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8542-1 CVE-2026-12725, CVE-2026-12969 Package Information: https://launchpad.net/ubuntu/+source/dnsmasq/2.92-1ubuntu0.4 https://launchpad.net/ubuntu/+source/dnsmasq/2.90-2ubuntu0.4 https://launchpad.net/ubuntu/+source/dnsmasq/2.90-0ubuntu0.22.04.4 . Resolve critical security issues in Dnsmasq for multiple Ubuntu LTS versions to prevent potential information exposure or denial of service.. Dnsmasq Security Advisories, Ubuntu LTS Patches, dnsmasq Exploit Fixes. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-35830 http://linux.oracle.com/errata/ELSA-2026-35830.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-9.2.10-31.0.1.el8_10.x86_64.rpm grafana-selinux-9.2.10-31.0.1.el8_10.x86_64.rpm aarch64: grafana-9.2.10-31.0.1.el8_10.aarch64.rpm grafana-selinux-9.2.10-31.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/grafana-9.2.10-31.0.1.el8_10.src.rpm Related CVEs: CVE-2026-39821 Description of changes: [9.2.10-31.0.1] - Fixes CVE-2024-1442 Add email verification when updating user email [Orabug: 38550520] [9.2.10-31] - Resolves RHEL-183728: CVE-2026-39821 _______________________________________________ El-errata mailing list
Libidn could be made to crash or expose sensitive information if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8521-1 July 09, 2026 libidn vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Libidn could be made to crash or expose sensitive information if it received specially crafted input. Software Description: - libidn: implementation of IETF IDN specifications Details: It was discovered that Libidn incorrectly handled certain internationalized domain name strings. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libidn12 1.43-2ubuntu0.26.04.1 Ubuntu 24.04 LTS libidn12 1.42-1ubuntu0.1 Ubuntu 22.04 LTS libidn12 1.38-4ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8521-1 CVE-2026-57053 Package Information: https://launchpad.net/ubuntu/+source/libidn/1.43-2ubuntu0.26.04.1 https://launchpad.net/ubuntu/+source/libidn/1.42-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libidn/1.38-4ubuntu1.1 . Libidn issues in Ubuntu could lead to system crash or information exposure if vulnerable inputs are received. Update recommended.. Ubuntu security update, libidn security vulnerability, Ubuntu critical advisory. . Severity: Critical. LinuxSecurity.com Team
Parsl could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-8505-1 July 06, 2026 python-parsl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Parsl could be made to expose sensitive information over the network. Software Description: - python-parsl: Create parallel programs composed of Python functions and external components Details: It was discovered that Parsl incorrectly constructed SQL queries using unsafe string formatting with user-supplied input in the parsl-visualize component. A remote attacker could possibly use this issue to perform SQL injection attacks, leading to data exfiltration or a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python-parsl-doc 2024.02.26+ds-1ubuntu0.1~esm1 Available with Ubuntu Pro python3-parsl 2024.02.26+ds-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8505-1 CVE-2026-21892 . Parsl on Ubuntu could expose information due to improper SQL handling. Update recommended to prevent data breaches.. Ubuntu Parsl SQL Attack, Python Vulnerability, Sensitive Data Exposure. . Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8488-2 July 02, 2026 linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems Details: It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. (CVE-2025-54505) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Rados block device (RBD) driver; - Compressed RAM block device driver; - Character device driver; - TPM device driver; - Hardware crypto device drivers; - EDAC drivers; - GPU drivers; - Greybus drivers; - HID subsystem; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - I2C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - LED subsystem; - Multiple devices driver; - Media drivers; - IBM Advanced System Management driver; - MTD block device drivers; - Network drivers; - Microsoft Azure Network Adapter (MANA) driver; - NTB driver; - NVME drivers; - Device tree and open firmware driver; - PCI subsystem; - Remote Processor subsystem; - SCSI subsystem; - SPI subsystem; - Realtek RTL8723BS SDIO drivers; - SM750 framebuffer staging driver; - Thermal drivers; - USB Gadget drivers; - USB over IP driver; - VFIO drivers; - Framebuffer layer; - 9P distributed file system; - AFS file system; - Cephdistributed file system; - File systems infrastructure; - EROFS file system; - Ext4 file system; - F2FS file system; - FUSE (File system in Userspace); - Journaling layer for block devices (JBD2); - NILFS2 file system; - File system notification infrastructure; - NTFS3 file system; - OCFS2 file system; - SMB network file system; - UDF file system; - XFS file system; - Codetag library; - Memory management; - Memory Management; - KVM subsystem; - Tracing infrastructure; - User-space API (UAPI); - io_uring subsystem; - Locking primitives; - Timer subsystem; - Scatterlist API; - Heterogeneous memory management; - KASAN memory debugging framework; - Bluetooth subsystem; - Ethernet bridge; - CAIF protocol; - CAN network layer; - Ceph Core library; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Netfilter; - NFC subsystem; - Packet sockets; - Qualcomm IPC Router (QRTR); - RDS protocol; - RxRPC session sockets; - SMC sockets; - Stream parser; - Landlock security; - SELinux security module; - ALSA framework; - Generic PCM loopback sound driver; - FireWire sound drivers; - Creative Sound Blaster X-Fi driver; - QCOM ASoC drivers; - USB sound devices; - Objtool; (CVE-2026-31532, CVE-2026-31574, CVE-2026-31575, CVE-2026-31576, CVE-2026-31577, CVE-2026-31578, CVE-2026-31579, CVE-2026-31580, CVE-2026-31581, CVE-2026-31582, CVE-2026-31583, CVE-2026-31584, CVE-2026-31585, CVE-2026-31586, CVE-2026-31587, CVE-2026-31588, CVE-2026-31589, CVE-2026-31590, CVE-2026-31591, CVE-2026-31592, CVE-2026-31593, CVE-2026-31594, CVE-2026-31595, CVE-2026-31596, CVE-2026-31597, CVE-2026-31598, CVE-2026-31599, CVE-2026-31600, CVE-2026-31601, CVE-2026-31602, CVE-2026-31603, CVE-2026-31604, CVE-2026-31605, CVE-2026-31606, CVE-2026-31607, CVE-2026-31608, CVE-2026-31609, CVE-2026-31610, CVE-2026-31611, CVE-2026-31612, CVE-2026-31613, CVE-2026-31614, CVE-2026-31615, CVE-2026-31616, CVE-2026-31617, CVE-2026-31618, CVE-2026-31619,CVE-2026-31620, CVE-2026-31621, CVE-2026-31622, CVE-2026-31623, CVE-2026-31624, CVE-2026-31625, CVE-2026-31626, CVE-2026-31627, CVE-2026-31628, CVE-2026-31629, CVE-2026-31686, CVE-2026-31694, CVE-2026-31696, CVE-2026-31697, CVE-2026-31698, CVE-2026-31699, CVE-2026-31700, CVE-2026-31701, CVE-2026-31702, CVE-2026-31703, CVE-2026-31704, CVE-2026-31705, CVE-2026-31706, CVE-2026-31707, CVE-2026-31708, CVE-2026-31709, CVE-2026-31710, CVE-2026-31711, CVE-2026-31712, CVE-2026-31713, CVE-2026-31714, CVE-2026-31715, CVE-2026-31716, CVE-2026-31717, CVE-2026-31718, CVE-2026-31719, CVE-2026-43058, CVE-2026-43071, CVE-2026-43072, CVE-2026-43073, CVE-2026-43348, CVE-2026-43349, CVE-2026-43350, CVE-2026-43491, CVE-2026-43493, CVE-2026-43499, CVE-2026-43501, CVE-2026-45986, CVE-2026-45987, CVE-2026-45988, CVE-2026-45989, CVE-2026-45990, CVE-2026-45991, CVE-2026-45994, CVE-2026-45995, CVE-2026-45996, CVE-2026-45997, CVE-2026-45999, CVE-2026-46001, CVE-2026-46002, CVE-2026-46003, CVE-2026-46004, CVE-2026-46005, CVE-2026-46006, CVE-2026-46007, CVE-2026-46008, CVE-2026-46009, CVE-2026-46010, CVE-2026-46011, CVE-2026-46012, CVE-2026-46013, CVE-2026-46014, CVE-2026-46015, CVE-2026-46016, CVE-2026-46018, CVE-2026-46019, CVE-2026-46020, CVE-2026-46021, CVE-2026-46022, CVE-2026-46023, CVE-2026-46024, CVE-2026-46025, CVE-2026-46026, CVE-2026-46027, CVE-2026-46028, CVE-2026-46029, CVE-2026-46030, CVE-2026-46031, CVE-2026-46032, CVE-2026-46033, CVE-2026-46034, CVE-2026-46035, CVE-2026-46036, CVE-2026-46037, CVE-2026-46038, CVE-2026-46039, CVE-2026-46040, CVE-2026-46041, CVE-2026-46042, CVE-2026-46043, CVE-2026-46044, CVE-2026-46045, CVE-2026-46046, CVE-2026-46047, CVE-2026-46049, CVE-2026-46050, CVE-2026-46051, CVE-2026-46052, CVE-2026-46053, CVE-2026-46054, CVE-2026-46056, CVE-2026-46057, CVE-2026-46058, CVE-2026-46059, CVE-2026-46060, CVE-2026-46061, CVE-2026-46062, CVE-2026-46063, CVE-2026-46064, CVE-2026-46065, CVE-2026-46066, CVE-2026-46067, CVE-2026-46068, CVE-2026-46069, CVE-2026-46070, CVE-2026-46071, CVE-2026-46072, CVE-2026-46073,CVE-2026-46074, CVE-2026-46075, CVE-2026-46076, CVE-2026-46077, CVE-2026-46078, CVE-2026-46079, CVE-2026-46080, CVE-2026-46081, CVE-2026-46082, CVE-2026-46083, CVE-2026-46084, CVE-2026-46085, CVE-2026-46086, CVE-2026-46087, CVE-2026-46088, CVE-2026-46089, CVE-2026-46090, CVE-2026-46091, CVE-2026-46092, CVE-2026-46093, CVE-2026-46094, CVE-2026-46095, CVE-2026-46096, CVE-2026-46097, CVE-2026-46098, CVE-2026-46099, CVE-2026-46100, CVE-2026-46101, CVE-2026-46102, CVE-2026-46103, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46137, CVE-2026-46155, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46276, CVE-2026-46277, CVE-2026-46278, CVE-2026-46279, CVE-2026-46280, CVE-2026-46281, CVE-2026-46282, CVE-2026-46283, CVE-2026-46284, CVE-2026-46285, CVE-2026-46286, CVE-2026-46287, CVE-2026-46288, CVE-2026-46289, CVE-2026-46316, CVE-2026-46332, CVE-2026-52904, CVE-2026-52905, CVE-2026-52906, CVE-2026-52907, CVE-2026-52933) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS linux-image-7.0.0-1014-raspi 7.0.0-1014.14 linux-image-7.0.0-1014-raspi-realtime 7.0.0-1014.14 linux-image-raspi 7.0.0-1014.14 linux-image-raspi-7.0 7.0.0-1014.14 linux-image-raspi-realtime 7.0.0-1014.14 linux-image-raspi-realtime-7.0 7.0.0-1014.14 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8488-2 https://ubuntu.com/security/notices/USN-8488-1 CVE-2025-54505, CVE-2026-31532,CVE-2026-31574, CVE-2026-31575, CVE-2026-31576, CVE-2026-31577, CVE-2026-31578, CVE-2026-31579, CVE-2026-31580, CVE-2026-31581, CVE-2026-31582, CVE-2026-31583, CVE-2026-31584, CVE-2026-31585, CVE-2026-31586, CVE-2026-31587, CVE-2026-31588, CVE-2026-31589, CVE-2026-31590, CVE-2026-31591, CVE-2026-31592, CVE-2026-31593, CVE-2026-31594, CVE-2026-31595, CVE-2026-31596, CVE-2026-31597, CVE-2026-31598, CVE-2026-31599, CVE-2026-31600, CVE-2026-31601, CVE-2026-31602, CVE-2026-31603, CVE-2026-31604, CVE-2026-31605, CVE-2026-31606, CVE-2026-31607, CVE-2026-31608, CVE-2026-31609, CVE-2026-31610, CVE-2026-31611, CVE-2026-31612, CVE-2026-31613, CVE-2026-31614, CVE-2026-31615, CVE-2026-31616, CVE-2026-31617, CVE-2026-31618, CVE-2026-31619, CVE-2026-31620, CVE-2026-31621, CVE-2026-31622, CVE-2026-31623, CVE-2026-31624, CVE-2026-31625, CVE-2026-31626, CVE-2026-31627, CVE-2026-31628, CVE-2026-31629, CVE-2026-31686, CVE-2026-31694, CVE-2026-31696, CVE-2026-31697, CVE-2026-31698, CVE-2026-31699, CVE-2026-31700, CVE-2026-31701, CVE-2026-31702, CVE-2026-31703, CVE-2026-31704, CVE-2026-31705, CVE-2026-31706, CVE-2026-31707, CVE-2026-31708, CVE-2026-31709, CVE-2026-31710, CVE-2026-31711, CVE-2026-31712, CVE-2026-31713, CVE-2026-31714, CVE-2026-31715, CVE-2026-31716, CVE-2026-31717, CVE-2026-31718, CVE-2026-31719, CVE-2026-43058, CVE-2026-43071, CVE-2026-43072, CVE-2026-43073, CVE-2026-43348, CVE-2026-43349, CVE-2026-43350, CVE-2026-43491, CVE-2026-43493, CVE-2026-43499, CVE-2026-43501, CVE-2026-45986, CVE-2026-45987, CVE-2026-45988, CVE-2026-45989, CVE-2026-45990, CVE-2026-45991, CVE-2026-45994, CVE-2026-45995, CVE-2026-45996, CVE-2026-45997, CVE-2026-45999, CVE-2026-46001, CVE-2026-46002, CVE-2026-46003, CVE-2026-46004, CVE-2026-46005, CVE-2026-46006, CVE-2026-46007, CVE-2026-46008, CVE-2026-46009, CVE-2026-46010, CVE-2026-46011, CVE-2026-46012, CVE-2026-46013, CVE-2026-46014, CVE-2026-46015, CVE-2026-46016, CVE-2026-46018, CVE-2026-46019, CVE-2026-46020, CVE-2026-46021,CVE-2026-46022, CVE-2026-46023, CVE-2026-46024, CVE-2026-46025, CVE-2026-46026, CVE-2026-46027, CVE-2026-46028, CVE-2026-46029, CVE-2026-46030, CVE-2026-46031, CVE-2026-46032, CVE-2026-46033, CVE-2026-46034, CVE-2026-46035, CVE-2026-46036, CVE-2026-46037, CVE-2026-46038, CVE-2026-46039, CVE-2026-46040, CVE-2026-46041, CVE-2026-46042, CVE-2026-46043, CVE-2026-46044, CVE-2026-46045, CVE-2026-46046, CVE-2026-46047, CVE-2026-46049, CVE-2026-46050, CVE-2026-46051, CVE-2026-46052, CVE-2026-46053, CVE-2026-46054, CVE-2026-46056, CVE-2026-46057, CVE-2026-46058, CVE-2026-46059, CVE-2026-46060, CVE-2026-46061, CVE-2026-46062, CVE-2026-46063, CVE-2026-46064, CVE-2026-46065, CVE-2026-46066, CVE-2026-46067, CVE-2026-46068, CVE-2026-46069, CVE-2026-46070, CVE-2026-46071, CVE-2026-46072, CVE-2026-46073, CVE-2026-46074, CVE-2026-46075, CVE-2026-46076, CVE-2026-46077, CVE-2026-46078, CVE-2026-46079, CVE-2026-46080, CVE-2026-46081, CVE-2026-46082, CVE-2026-46083, CVE-2026-46084, CVE-2026-46085, CVE-2026-46086, CVE-2026-46087, CVE-2026-46088, CVE-2026-46089, CVE-2026-46090, CVE-2026-46091, CVE-2026-46092, CVE-2026-46093, CVE-2026-46094, CVE-2026-46095, CVE-2026-46096, CVE-2026-46097, CVE-2026-46098, CVE-2026-46099, CVE-2026-46100, CVE-2026-46101, CVE-2026-46102, CVE-2026-46103, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46137, CVE-2026-46155, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46276, CVE-2026-46277, CVE-2026-46278, CVE-2026-46279, CVE-2026-46280, CVE-2026-46281, CVE-2026-46282, CVE-2026-46283, CVE-2026-46284, CVE-2026-46285, CVE-2026-46286, CVE-2026-46287, CVE-2026-46288, CVE-2026-46289, CVE-2026-46316, CVE-2026-46332, CVE-2026-52904, CVE-2026-52905, CVE-2026-52906, CVE-2026-52907, CVE-2026-52933 Package Information: https://launchpad.net/ubuntu/+source/linux-raspi/7.0.0-1014.14 . Critical security advisory for Ubuntu fixing multiple kernel security issues. Update suggested for Raspberry Pi.. Linux Kernel, Raspberry Pi,Security Advisory, Ubuntu Update. . Severity: Critical. LinuxSecurity.com Team
An update that solves 2 vulnerabilities can now be installed.. # ocaml-4.14.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:11136-1 Rating: moderate Cross-References: * CVE-2026-28364 * CVE-2026-34353 CVSS scores: * CVE-2026-28364 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28364 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34353 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-34353 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the ocaml-4.14.4-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ocaml 4.14.4-1.1 * ocaml-compiler-libs 4.14.4-1.1 * ocaml-compiler-libs-devel 4.14.4-1.1 * ocaml-ocamldoc 4.14.4-1.1 * ocaml-runtime 4.14.4-1.1 * ocaml-source 4.14.4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28364.html * https://www.suse.com/security/cve/CVE-2026-34353.html . Crucial update for openSUSE addressing moderate security flaws in OCaml package. Essential for system integrity.. openSUSE Tumbleweed OCaml security patch. . Severity: moderate. LinuxSecurity.com Team
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ad10afa9cd 2026-06-27 00:54:50.049697+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 43 Version : 1.16.2 Release : 4.fc43 URL : https://www.tigervnc.com Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2026 Jan Grulich - 1.16.2-4 - Rebuild (xorg-x11-server) Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264 * Fri Jun 12 2026 Yaakov Selkowitz - 1.16.2-3 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476414 - CVE-2026-34002 tigervnc: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476414 [ 2 ] Bug #2476956 - CVE-2026-33999 tigervnc: X.Org X server: Denial of Service via integer underflow inXKB compatibility map handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476956 [ 3 ] Bug #2476958 - CVE-2026-34001 tigervnc: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476958 [ 4 ] Bug #2476965 - CVE-2026-34003 tigervnc: X.Org X server: Information exposure and denial of service via out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476965 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ad10afa9cd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.