Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 63 articles for you...
89

Fedora 44 Chromium Critical Heap Overflow Use After Free CVE-2026-12007

Update to 149.0.7827.114 CVE-2026-12007: Use after free Core CVE-2026-12008: Use after free DigitalCredentials CVE-2026-12009: Insufficient validation of untrusted input Accessibility CVE-2026-12010: Heap buffer overflow GPU. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-59f46c195f 2026-06-17 08:41:51.002543+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 44 Version : 149.0.7827.114 Release : 1.fc44 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.114 CVE-2026-12007: Use after free Core CVE-2026-12008: Use after free DigitalCredentials CVE-2026-12009: Insufficient validation of untrusted input Accessibility CVE-2026-12010: Heap buffer overflow GPU CVE-2026-12011: Use after free WebMIDI CVE-2026-12012: Use after free Network CVE-2026-12013: Use after free Media CVE-2026-12014: Use after free Cast CVE-2026-12015: Use after free Autofill CVE-2026-12016: Insufficient validation of untrusted input DevTools CVE-2026-12017: Insufficient validation of untrusted input Extensions CVE-2026-12018: Inappropriate implementation Mojo CVE-2026-12019: Out of bounds write Codecs CVE-2026-12020: Use after free Autofill CVE-2026-12022: Race Safe Browsing CVE-2026-12023: Use after free GPU CVE-2026-12024: Insufficient policy enforcement DevTools CVE-2026-12025: Insufficient validation of untrusted input Network CVE-2026-12026: Out of bounds read Video CVE-2026-12027: Insufficient policy enforcement Headless CVE-2026-12028: Use after free GPU CVE-2026-12029: Use after free Video CVE-2026-12030: Heap buffer overflow GPU CVE-2026-12031: Inappropriate implementation Views CVE-2026-12032: Inappropriate implementation Passwords CVE-2026-12033: Out of bounds read VideoCapture CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming CVE-2026-12035: Use after free Views Disable AI Mode settings -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2026 Than Ngo - 149.0.7827.114-1 - Update to 149.0.7827.114 * CVE-2026-12007: Use after free Core * CVE-2026-12008: Use after free DigitalCredentials * CVE-2026-12009: Insufficient validation of untrusted input Accessibility * CVE-2026-12010: Heap buffer overflow GPU * CVE-2026-12011: Use after free WebMIDI * CVE-2026-12012: Use after free Network * CVE-2026-12013: Use after free Media * CVE-2026-12014: Use after free Cast * CVE-2026-12015: Use after free Autofill * CVE-2026-12016: Insufficient validation of untrusted input DevTools * CVE-2026-12017: Insufficient validation of untrusted input Extensions * CVE-2026-12018: Inappropriate implementation Mojo * CVE-2026-12019: Out of bounds write Codecs * CVE-2026-12020: Use after free Autofill * CVE-2026-12022: Race Safe Browsing * CVE-2026-12023: Use after free GPU * CVE-2026-12024: Insufficient policy enforcement DevTools * CVE-2026-12025: Insufficient validation of untrusted input Network * CVE-2026-12026: Out of bounds read Video * CVE-2026-12027: Insufficient policy enforcement Headless * CVE-2026-12028: Use after free GPU * CVE-2026-12029: Use after free Video * CVE-2026-12030: Heap buffer overflow GPU * CVE-2026-12031: Inappropriate implementation Views * CVE-2026-12032: Inappropriate implementation Passwords * CVE-2026-12033: Out of bounds read VideoCapture * CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming * CVE-2026-12035: Use after free Views - Disable AI Modesettings -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-59f46c195f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Stay informed about important Chromium updates for Fedora 44 to enhance your system's security against multiple critical vulnerabilities.. Chromium Update, Fedora 44 Security, Use After Free, Heap Overflow, Insufficient Validation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 17, 2026 Important Fedora
203

Mageia 9 lxc CVE-2026-39402 Important Insufficient Validation 2026-0172

Security update. Publication date: 04 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0172.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-39402 Description: CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion References: - https://bugs.mageia.org/show_bug.cgi?id=35487 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/LRWSIWUURCABTGG26SGDYX7OCPQ7FIS7/ - https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq - https://www.cve.org/CVERecord?id=CVE-2026-39402 SRPMS: - 9/core/lxc-5.0.3-1.1.mga9 . Security update for Mageia 9 addresses insufficient ownership validation in lxc, leading to cross-tenant OVS port deletion.. Mageia Update, security advisory, lxc issues, CVE-2026-39402, ownership validation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 04, 2026 Important Mageia
100

SUSE docker-stable Important API Issues CVE-2026-33747 CVE-2026-33748

An update that solves two vulnerabilities can now be installed.. # Security update for docker-stable Announcement ID: SUSE-SU-2026:21851-1 Release Date: 2026-05-26T12:21:52Z Rating: important References: * bsc#1260967 * bsc#1261078 Cross-References: * CVE-2026-33747 * CVE-2026-33748 CVSS scores: * CVE-2026-33747 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33747 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33748 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33748 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-33748 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33748 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for docker-stable fixes the following issues * CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory (bsc#1260967). * CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository (bsc#1261078). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -tpatch SUSE-SLES-16.0-804=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-804=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * docker-stable-buildx-debuginfo-0.25.0-160000.5.1 * docker-stable-buildx-0.25.0-160000.5.1 * docker-stable-24.0.9_ce-160000.5.1 * docker-stable-debuginfo-24.0.9_ce-160000.5.1 * SUSE Linux Enterprise Server 16.0 (noarch) * docker-stable-bash-completion-24.0.9_ce-160000.5.1 * docker-stable-rootless-extras-24.0.9_ce-160000.5.1 * docker-stable-zsh-completion-24.0.9_ce-160000.5.1 * docker-stable-fish-completion-24.0.9_ce-160000.5.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * docker-stable-buildx-debuginfo-0.25.0-160000.5.1 * docker-stable-buildx-0.25.0-160000.5.1 * docker-stable-24.0.9_ce-160000.5.1 * docker-stable-debuginfo-24.0.9_ce-160000.5.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * docker-stable-bash-completion-24.0.9_ce-160000.5.1 * docker-stable-rootless-extras-24.0.9_ce-160000.5.1 * docker-stable-zsh-completion-24.0.9_ce-160000.5.1 * docker-stable-fish-completion-24.0.9_ce-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33747.html * https://www.suse.com/security/cve/CVE-2026-33748.html * https://bugzilla.suse.com/show_bug.cgi?id=1260967 * https://bugzilla.suse.com/show_bug.cgi?id=1261078 . An important security update for SUSE docker-stable addresses two critical issues to protect your systems.. SUSE docker update important vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 01, 2026 Important SuSE
100

SUSE Docker Stable Important API Issues Vuln 2026-2120-1

An update that solves two vulnerabilities can now be installed.. # Security update for docker-stable Announcement ID: SUSE-SU-2026:2120-1 Release Date: 2026-05-29T15:36:15Z Rating: important References: * bsc#1260967 * bsc#1261078 Cross-References: * CVE-2026-33747 * CVE-2026-33748 CVSS scores: * CVE-2026-33747 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33747 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33748 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33748 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-33748 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33748 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE LinuxEnterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for docker-stable fixes the following issues * CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory (bsc#1260967). * CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository (bsc#1261078). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2120=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2120=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2120=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2120=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2120=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2120=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2120=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2120=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2120=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2120=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2120=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * docker-stable-zsh-completion-24.0.9_ce-150000.1.42.1 * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * docker-stable-zsh-completion-24.0.9_ce-150000.1.42.1 * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * Containers Module 15-SP7 (noarch) * docker-stable-zsh-completion-24.0.9_ce-150000.1.42.1 * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE LinuxEnterprise High Performance Computing ESPOS 15 SP4 (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * docker-stable-debuginfo-24.0.9_ce-150000.1.42.1 * docker-stable-24.0.9_ce-150000.1.42.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * docker-stable-bash-completion-24.0.9_ce-150000.1.42.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33747.html * https://www.suse.com/security/cve/CVE-2026-33748.html * https://bugzilla.suse.com/show_bug.cgi?id=1260967 * https://bugzilla.suse.com/show_bug.cgi?id=1261078 . Install the important SUSE update for docker-stable addressing two critical security issues to safeguard your environments.. SUSE docker-stablesecurity update, important update for docker-stable, docker security issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 29, 2026 Important SuSE
89

Fedora 42: Chromium Update FEDORA-2026-3736e2ff1a CVEs 2026-0899 2026-0900

Update to 144.0.7559.59 * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3736e2ff1a 2026-01-18 01:43:54.890050+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 144.0.7559.59 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 144.0.7559.59 * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2026 Than Ngo - 144.0.7559.59-1 - Update to 144.0.7559.59 * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials *CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3736e2ff1a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Update for Fedora 42 addressing memory access and validation issues in Chromium. Install via dnf for security.. Fedora 42, chromium update, memory access, security fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 18, 2026 Critical Fedora
99

Slackware 15.0: libsodium Important Insufficient Validation SSA:2026-006-01

New libsodium packages are available for Slackware 15.0 and -current to fix a security issue.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libsodium (SSA:2026-006-01) New libsodium packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libsodium-1.0.18-i586-4_slack15.0.txz: Rebuilt. This update fixes a security issue: Insufficient validation in crypto_core_ed25519_is_valid_point(). For more information, see: https://www.cve.org/CVERecord?id=CVE-2025-69277 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libsodium-1.0.18-i586-4_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libsodium-1.0.18-x86_64-4_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libsodium-1.0.21-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libsodium-1.0.21-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 4e56ca202cc07c3f000545c9a3a34ada libsodium-1.0.18-i586-4_slack15.0.txz Slackware x86_64 15.0 package: d8dd6b355d9639006f429ff89e5035cd libsodium-1.0.18-x86_64-4_slack15.0.txz Slackware -current package: c262de38eb076fc6e77bf88da7bb51d4 l/libsodium-1.0.21-i686-1.txz Slackware x86_64 -current package: a736a796d68f408a6efe48b667a1b129 l/libsodium-1.0.21-x86_64-1.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg libsodium-1.0.18-i586-4_slack15.0.txz +-----+ . New libsodium packages for Slackware resolve important security issues. Immediate updating for improved security is advised.. libsodium security update, Slackware 15.0 libsodium, security issue libsodium. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 06, 2026 Important Slackware
89

Fedora 41: chromium CVE-2025-7656, 7657, 6558 Critical Alerts

Update to 138.0.7204.157 * CVE-2025-7656: Integer overflow in V8 * CVE-2025-7657: Use after free in WebRTC * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3c3f7d86db 2025-07-19 21:46:55.252417+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 41 Version : 138.0.7204.157 Release : 1.fc41 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 138.0.7204.157 * CVE-2025-7656: Integer overflow in V8 * CVE-2025-7657: Use after free in WebRTC * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 16 2025 Than Ngo - 138.0.7204.157-1 - Update to 138.0.7204.157 * CVE-2025-7656: Integer overflow in V8 * CVE-2025-7657: Use after free in WebRTC * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU * Fri Jul 11 2025 Tom Stellard -138.0.7204.100-2 - Update rust-clanglib patch for clang 21 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2376010 - CVE-2025-34092 chromium: Chrome Cookie Key Exposure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2376010 [ 2 ] Bug #2380352 - CVE-2025-7657 chromium: Chromium use after free [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380352 [ 3 ] Bug #2380353 - CVE-2025-7656 chromium: Chromium integer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380353 [ 4 ] Bug #2380354 -CVE-2025-6558 chromium: Chromium insufficient validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380354 [ 5 ] Bug #2380355 - CVE-2025-7656 chromium: Chromium integer overflow [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380355 [ 6 ] Bug #2380356 - CVE-2025-7657 chromium: Chromium use after free [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380356 [ 7 ] Bug #2380357 - CVE-2025-6558 chromium: Chromium insufficient validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380357 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3c3f7d86db' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . CVE-2025-7634, 7635, and 6547 in Fedora’s Firefox browser, focusing on significant security enhancements and vulnerabilities.. Chromium Update, Fedora Security, Integer Overflow, Use After Free, Insufficient Validation. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 19, 2025 Critical Fedora
203

Mageia 9: 2025-0159 moderate: chromium-browser-stable heap overflow

Heap buffer overflow in HTML. (CVE-2025-4096) Out of bounds memory access in DevTools. (CVE-2025-4050) Insufficient data validation in DevTools. (CVE-2025-4051) Inappropriate implementation in DevTools. (CVE-2025-4052) Use after free in WebAudio. (CVE-2025-4372) . MGASA-2025-0159 - Updated chromium-browser-stable packages fix security vulnerabilities Publication date: 23 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0159.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-4096, CVE-2025-4050, CVE-2025-4051, CVE-2025-4052, CVE-2025-4372, CVE-2025-4664, CVE-2025-4609 Heap buffer overflow in HTML. (CVE-2025-4096) Out of bounds memory access in DevTools. (CVE-2025-4050) Insufficient data validation in DevTools. (CVE-2025-4051) Inappropriate implementation in DevTools. (CVE-2025-4052) Use after free in WebAudio. (CVE-2025-4372) Insufficient policy enforcement in Loader. (CVE-2025-4664) Incorrect handle provided in unspecified circumstances in Mojo. (CVE-2025-4609) References: - https://bugs.mageia.org/show_bug.cgi?id=34235 - https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html - https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html - https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html - https://www.cve.org/CVERecord?id=CVE-2025-4096 - https://www.cve.org/CVERecord?id=CVE-2025-4050 - https://www.cve.org/CVERecord?id=CVE-2025-4051 - https://www.cve.org/CVERecord?id=CVE-2025-4052 - https://www.cve.org/CVERecord?id=CVE-2025-4372 - https://www.cve.org/CVERecord?id=CVE-2025-4664 - https://www.cve.org/CVERecord?id=CVE-2025-4609 SRPMS: - 9/tainted/chromium-browser-stable-136.0.7103.113-1.mga9.tainted . Latest versions of chromium-browser-stable address critical vulnerabilities such as stack corruption and improper input validation in network protocols.. Browser Security,Patch Management,Mageia Updates. . LinuxSecurity.com Team

Calendar%202 May 23, 2025 Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200