Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 431 articles for you...
100

SUSE warewulf4 Important Security Update Denial of Service Vuln 2026-2830-1

An update that solves four vulnerabilities and has two security fixes can now be installed.. # Security update for warewulf4 Announcement ID: SUSE-SU-2026:2830-1 Release Date: 2026-07-09T18:42:10Z Rating: important References: * bsc#1254470 * bsc#1258511 * bsc#1262810 * bsc#1265653 * bsc#1266483 * bsc#1268790 Cross-References: * CVE-2025-69725 * CVE-2026-33814 * CVE-2026-34986 * CVE-2026-39821 CVSS scores: * CVE-2025-69725 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N * CVE-2025-69725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-69725 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N Affected Products: * HPC Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS *SUSE Linux Enterprise Server 15 SP7 An update that solves four vulnerabilities and has two security fixes can now be installed. ## Description: This update for warewulf4 fixes the following issues: Update to v4.7.0. Security issues fixed: * CVE-2025-69725: incorrect input validation in the `RedirectSlashes` function can lead to an open redirect (bsc#1258511). * CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad `SETTINGS_MAX_FRAME_SIZE` can lead to a denial of service (bsc#1265653). * CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262810). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266483). Other updates and bugfixes: * Add correct flag `--update-overlays` fix (bsc#1268790). * v4.7.0: * New `wwctl` unset command * Refactored server routes (URLs) * New `/files/` route for serving individual files and templates * Server TLS support * Removed support for fetching individual overlays and individual files from overlays * Fixed whitespace handling around template functions * Security fixes, including updated Go and library versions * v4.6.5: * New wwctl overlay info command * Fixed `wwctl` image import `--update` option * Cross-arch support for `wwclient` * Improved IPv6 support * Improved support for bonded interfaces * Renamed `debian.interfaces` overlay to `ifupdown` * New `systemd-networkd` overlay * `warewulf-dracut` fixes, including `provision-to-disk` fixes * Remove `slurm-overlay` package. * Fix `wwctl` image import `--update` option (bsc#1254470). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise HighPerformance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2830=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2830=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2830=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2830=1 * HPC Module 15-SP7 zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-2830=1 ## Package List: * openSUSE Leap 15.5 (noarch) * warewulf4-dracut-4.7.0-150500.6.42.1 * warewulf4-reference-doc-4.7.0-150500.6.42.1 * warewulf4-man-4.7.0-150500.6.42.1 * warewulf4-overlay-rke2-4.7.0-150500.6.42.1 * openSUSE Leap 15.5 (aarch64 x86_64) * warewulf4-overlay-4.7.0-150500.6.42.1 * warewulf4-4.7.0-150500.6.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * warewulf4-overlay-4.7.0-150500.6.42.1 * warewulf4-4.7.0-150500.6.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * warewulf4-dracut-4.7.0-150500.6.42.1 * warewulf4-man-4.7.0-150500.6.42.1 * warewulf4-reference-doc-4.7.0-150500.6.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * warewulf4-overlay-4.7.0-150500.6.42.1 * warewulf4-4.7.0-150500.6.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * warewulf4-dracut-4.7.0-150500.6.42.1 * warewulf4-man-4.7.0-150500.6.42.1 * warewulf4-reference-doc-4.7.0-150500.6.42.1 * HPC Module 15-SP7 (aarch64 x86_64) * warewulf4-overlay-4.7.0-150500.6.42.1 * warewulf4-4.7.0-150500.6.42.1 * HPC Module 15-SP7 (noarch) * warewulf4-dracut-4.7.0-150500.6.42.1 * warewulf4-reference-doc-4.7.0-150500.6.42.1 * warewulf4-man-4.7.0-150500.6.42.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64) * warewulf4-overlay-4.7.0-150500.6.42.1 * warewulf4-4.7.0-150500.6.42.1 * SUSELinux Enterprise Server 15 SP6 LTSS (noarch) * warewulf4-dracut-4.7.0-150500.6.42.1 * warewulf4-reference-doc-4.7.0-150500.6.42.1 * warewulf4-man-4.7.0-150500.6.42.1 ## References: * https://www.suse.com/security/cve/CVE-2025-69725.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://bugzilla.suse.com/show_bug.cgi?id=1254470 * https://bugzilla.suse.com/show_bug.cgi?id=1258511 * https://bugzilla.suse.com/show_bug.cgi?id=1262810 * https://bugzilla.suse.com/show_bug.cgi?id=1265653 * https://bugzilla.suse.com/show_bug.cgi?id=1266483 * https://bugzilla.suse.com/show_bug.cgi?id=1268790 . This update for warewulf4 addresses multiple security fixes, enhancing system stability and security.. vulnerability assessment, patch management, software updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 10, 2026 Important SuSE
172

Ubuntu 26.04 LTS node-shell-quote Important Denial of Service CVE-2026-9277

shell-quote could be made to crash or run programs as your login if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8410-1 June 09, 2026 node-shell-quote vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 18.04 LTS Summary: shell-quote could be made to crash or run programs as your login if it received specially crafted input. Software Description: - node-shell-quote: Parse and quote shell commands Details: Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS node-shell-quote 1.8.3+~1.7.5-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 25.10 node-shell-quote 1.7.4+~1.7.1-1ubuntu0.25.10.1 Ubuntu 24.04 LTS node-shell-quote 1.7.4+~1.7.1-1ubuntu0.24.04.1 Ubuntu 22.04 LTS node-shell-quote 1.7.3+~1.7.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS node-shell-quote 1.6.1+20160617-git72fb5a8ce29b-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8410-1 CVE-2026-9277 Package Information: https://launchpad.net/ubuntu/+source/node-shell-quote/1.7.4+~1.7.1-1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/node-shell-quote/1.7.4+~1.7.1-1ubuntu0.24.04.1 . Critical Shell-Quote Flaw in Ubuntu Could Lead to Denial ofService or Code Execution.. Ubuntu Security,node-shell-quote,Denial of Service,Security Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 09, 2026 Important Ubuntu
202

openSUSE Backports libjxl Important Input Length Issue CVE-2025-70103

An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libjxl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0182-1 Rating: important References: #1266460 Cross-References: CVE-2025-70103 CVSS scores: CVE-2025-70103 (SUSE): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjxl fixes the following issues: - CVE-2025-70103: take EC into account when checking required PNM input length (boo#1266460). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-182=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): gdk-pixbuf-loader-jxl-0.8.5-bp157.2.6.1 gimp-plugin-jxl-0.8.5-bp157.2.6.1 libjxl-devel-0.8.5-bp157.2.6.1 libjxl-tools-0.8.5-bp157.2.6.1 libjxl0_8-0.8.5-bp157.2.6.1 - openSUSE Backports SLE-15-SP7 (aarch64_ilp32): libjxl0_8-64bit-0.8.5-bp157.2.6.1 - openSUSE Backports SLE-15-SP7 (noarch): jxl-thumbnailer-0.8.5-bp157.2.6.1 - openSUSE Backports SLE-15-SP7 (x86_64): libjxl0_8-32bit-0.8.5-bp157.2.6.1 References: https://www.suse.com/security/cve/CVE-2025-70103.html https://bugzilla.suse.com/1266460 . Update available for libjxl addressing CVE-2025-70103 with important severity. Ensure to apply the patch promptly.. libjxl security update, openSUSE patches, important vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 02, 2026 Important OpenSUSE
89

Fedora 43 perl-Net-CIDR-Lite Important Input Validation Flaws Detected

This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190) Reject zero-padded CIDR masks (CVE-2026-45191). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9e783d6aa1 2026-05-19 16:00:44.522643+00:00 -------------------------------------------------------------------------------- Name : perl-Net-CIDR-Lite Product : Fedora 43 Version : 0.24 Release : 1.fc43 URL : https://metacpan.org/release/Net-CIDR-Lite Summary : Perl extension for merging IPv4 or IPv6 CIDR addresses Description : Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses. -------------------------------------------------------------------------------- Update Information: This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190) Reject zero-padded CIDR masks (CVE-2026-45191) -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Paul Howarth - 0.24-1 - Update to 0.24 - Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190) - Reject zero-padded CIDR masks (CVE-2026-45191) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9e783d6aa1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Input validation fixes for perl-Net-CIDR-Lite in Fedora 43 addressing Unicode and CIDR mask issues.. perl,Net-CIDR-Lite,Fedora,security updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 19, 2026 Important Fedora
89

Fedora 44 perl-Net-CIDR-Lite Important Input Issues Fix 2026-6f3d2d0d82

This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190) Reject zero-padded CIDR masks (CVE-2026-45191). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6f3d2d0d82 2026-05-15 20:57:10.102582+00:00 -------------------------------------------------------------------------------- Name : perl-Net-CIDR-Lite Product : Fedora 44 Version : 0.24 Release : 1.fc44 URL : https://metacpan.org/release/Net-CIDR-Lite Summary : Perl extension for merging IPv4 or IPv6 CIDR addresses Description : Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses. -------------------------------------------------------------------------------- Update Information: This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190) Reject zero-padded CIDR masks (CVE-2026-45191) -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Paul Howarth - 0.24-1 - Update to 0.24 - Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190) - Reject zero-padded CIDR masks (CVE-2026-45191) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6f3d2d0d82' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Addressing input validation issues, this Fedora 44 update rejects problematic parser inputs and CIDR masks.. Fedora 44 perl Net-CIDR-Lite input validation issues CIDR masks. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 15, 2026 Important Fedora
203

Mageia 9 PHP Critical Security Advisory MGASA-2026-0127 CVE-2026-6735

MGASA-2026-0127 - Updated php packages fix security vulnerabilities. MGASA-2026-0127 - Updated php packages fix security vulnerabilities Publication date: 13 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0127.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-6735, CVE-2026-7259, CVE-2025-14179, CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568, CVE-2026-7258 Description: FPM: Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735) MBString: Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259) OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDO_Firebird: Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179) SOAP: - Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722) - Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) - Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262) Standard: - Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568) - Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258) References: - https://bugs.mageia.org/show_bug.cgi?id=35481 - https://www.php.net/ChangeLog-8.php#8.2.31 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7259 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258 SRPMS: - 9/core/php-8.2.31-1.mga9 . Updated php packages in Mageia 9 address critical vulnerabilities includingXSS and SQL injection. Get the latest fixes now.. Mageia PHP security patch, Mageia 9 vulnerabilities, PHP update security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 13, 2026 Critical Mageia
100

SUSE python311 Important Security Update 2026-21254-1 for Input Issues

An update that solves five vulnerabilities can now be installed.. # Security update for python311 Announcement ID: SUSE-SU-2026:21254-1 Release Date: 2026-04-16T13:24:01Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for python311 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-490=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * python311-3.11.15-slfo.1.1_3.1 * python311-curses-3.11.15-slfo.1.1_3.1 * python311-debugsource-3.11.15-slfo.1.1_3.1 * python311-debuginfo-3.11.15-slfo.1.1_3.1 * python311-core-debugsource-3.11.15-slfo.1.1_3.1 * python311-base-debuginfo-3.11.15-slfo.1.1_3.1 * python311-curses-debuginfo-3.11.15-slfo.1.1_3.1 *libpython3_11-1_0-3.11.15-slfo.1.1_3.1 * libpython3_11-1_0-debuginfo-3.11.15-slfo.1.1_3.1 * python311-base-3.11.15-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 . SUSE updates python311 to address five security issues including input validation and path traversal risks for users.. SUSE Python Security Important Update Path Traversal. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 23, 2026 Important SuSE
202

openSUSE Leap 16.0 Python313 Important Security Update ID 20517-1

An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.. openSUSE security update: security update for python313 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20517-1 Rating: important References: * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed. Description: This update for python313 fixes the following issues: Update to version3.13.13. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-539=1 Package List: - openSUSE Leap 16.0: libpython3_13-1_0-3.13.13-160000.1.1 libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1 libpython3_13t1_0-3.13.13-160000.1.1 python313-3.13.13-160000.1.1 python313-base-3.13.13-160000.1.1 python313-base-x86-64-v3-3.13.13-160000.1.1 python313-curses-3.13.13-160000.1.1 python313-dbm-3.13.13-160000.1.1 python313-devel-3.13.13-160000.1.1 python313-doc-3.13.13-160000.1.1 python313-doc-devhelp-3.13.13-160000.1.1 python313-idle-3.13.13-160000.1.1 python313-nogil-3.13.13-160000.1.1 python313-nogil-base-3.13.13-160000.1.1 python313-nogil-curses-3.13.13-160000.1.1 python313-nogil-dbm-3.13.13-160000.1.1 python313-nogil-devel-3.13.13-160000.1.1 python313-nogil-idle-3.13.13-160000.1.1 python313-nogil-testsuite-3.13.13-160000.1.1 python313-nogil-tk-3.13.13-160000.1.1 python313-nogil-tools-3.13.13-160000.1.1 python313-testsuite-3.13.13-160000.1.1 python313-tk-3.13.13-160000.1.1 python313-tools-3.13.13-160000.1.1 python313-x86-64-v3-3.13.13-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html . Critical security update for python313 in openSUSE addressing important vulnerabilities. Immediate installation recommended.. openSUSE Python Update Security, CVE Updates, Linux Security Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 21, 2026 Important OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200