Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1,945 articles for you...
203

Mageia 10 Poppler Critical Integer Overflow Heap Overflow Fix 2026-0256

Security update. Publication date: 16 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0256.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-10118 Description: The updated packages fix a security vulnerability: Integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication. (CVE-2026-10118) References: - https://bugs.mageia.org/show_bug.cgi?id=35658 - https://ubuntu.com/security/notices/USN-8400-1 - https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715 - https://lists.debian.org/debian-security-announce/2026/msg00244.html - https://www.cve.org/CVERecord?id=CVE-2026-10118 SRPMS: - 10/core/poppler-25.12.0-1.1.mga10 - 9/core/poppler-23.02.0-1.9.mga9 . Updated Mageia poppler packages address critical integer overflow leading to heap overflow issues. Immediate action recommended.. Mageia security patch, poppler update, heap overflow fix, integer overflow vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Critical Mageia
219

Rocky Linux 8 Pacemaker Important Denial of Service Update RLSA-2026-39322

Important: pacemaker security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39322", "synopsis": "Important: pacemaker security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for pacemaker.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. \n\nSecurity Fix(es):\n\n* pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression (CVE-2026-10649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2462817", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2462817", "description": ""}], "cves": [{"name": "CVE-2026-10649", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10649", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "cvss3BaseScore": "8.6", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-07-15T12:01:08.928069Z", "rpms": {"Rocky Linux 8": {"nvras": ["pacemaker-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-0:2.1.7-5.6.el8_10.src.rpm", "pacemaker-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-cli-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-cli-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-cli-debuginfo-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-cli-debuginfo-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-cluster-libs-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-cluster-libs-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-cluster-libs-0:2.1.7-5.6.el8_10.x86_64.rpm","pacemaker-cluster-libs-debuginfo-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-cluster-libs-debuginfo-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-cluster-libs-debuginfo-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-cts-0:2.1.7-5.6.el8_10.noarch.rpm", "pacemaker-debuginfo-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-debuginfo-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-debuginfo-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-debugsource-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-debugsource-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-debugsource-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-doc-0:2.1.7-5.6.el8_10.noarch.rpm", "pacemaker-libs-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-libs-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-libs-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-libs-debuginfo-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-libs-debuginfo-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-libs-debuginfo-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-libs-devel-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-libs-devel-0:2.1.7-5.6.el8_10.i686.rpm", "pacemaker-libs-devel-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-nagios-plugins-metadata-0:2.1.7-5.6.el8_10.noarch.rpm", "pacemaker-remote-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-remote-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-remote-debuginfo-0:2.1.7-5.6.el8_10.aarch64.rpm", "pacemaker-remote-debuginfo-0:2.1.7-5.6.el8_10.x86_64.rpm", "pacemaker-schemas-0:2.1.7-5.6.el8_10.noarch.rpm", "python3-pacemaker-0:2.1.7-5.6.el8_10.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Find details about the important pacemaker security update for Rocky Linux, addressing a critical integer overflow issue.. pacemaker security update, Rocky Linux advisory, denial of service security, important security patching. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Important Rocky Linux
172

Ubuntu 26.04 Wget Critical DoS & Code Exec Flaws USN-8543-1

Several security issues were fixed in Wget.. ========================================================================== Ubuntu Security Notice USN-8543-1 July 14, 2026 wget vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Wget. Software Description: - wget: retrieves files from the web Details: It was discovered that Wget mishandled semicolons in the userinfo subcomponent of a URL. A remote attacker could possibly use this issue to trick a user into connecting to a different host than intended. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38428) It was discovered that Wget incorrectly handled Metalink documents containing a whitespace-only URL. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58469) It was discovered that Wget incorrectly handled Content-Range header values, leading to an integer overflow. A remote attacker could possibly use this issue to cause download desynchronization. (CVE-2026-58470) It was discovered that Wget incorrectly handled character set conversion of server-supplied filenames. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58471) It was discovered that Wget incorrectly handled HTML attributes requiring entity encoding. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58472) Update instructions: The problem can be corrected by updating your system tothe following package versions: Ubuntu 26.04 LTS wget 1.25.0-2ubuntu4.2 Ubuntu 24.04 LTS wget 1.21.4-1ubuntu4.3 Ubuntu 22.04 LTS wget 1.21.2-2ubuntu1.3 Ubuntu 20.04 LTS wget 1.20.3-1ubuntu2.1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS wget 1.19.4-1ubuntu2.2+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS wget 1.17.1-1ubuntu1.5+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS wget 1.15-1ubuntu1.14.04.5+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8543-1 CVE-2024-38428, CVE-2026-58469, CVE-2026-58470, CVE-2026-58471, CVE-2026-58472 Package Information: https://launchpad.net/ubuntu/+source/wget/1.25.0-2ubuntu4.2 https://launchpad.net/ubuntu/+source/wget/1.21.4-1ubuntu4.3 https://launchpad.net/ubuntu/+source/wget/1.21.2-2ubuntu1.3 . Several security issues were fixed in Wget affecting multiple Ubuntu versions, including critical flaws that may allow remote code execution.. Wget Updates, Ubuntu Security, Remote Attacks, Code Execution, Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Critical Ubuntu
217

Oracle Linux 9 GStreamer1 Plugins Good Integer Overflow Fix ELSA-2026-37129

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-37129 http://linux.oracle.com/errata/ELSA-2026-37129.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gstreamer1-plugins-good-1.22.12-7.el9_8.1.i686.rpm gstreamer1-plugins-good-1.22.12-7.el9_8.1.x86_64.rpm gstreamer1-plugins-good-gtk-1.22.12-7.el9_8.1.i686.rpm gstreamer1-plugins-good-gtk-1.22.12-7.el9_8.1.x86_64.rpm aarch64: gstreamer1-plugins-good-1.22.12-7.el9_8.1.aarch64.rpm gstreamer1-plugins-good-gtk-1.22.12-7.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/gstreamer1-plugins-good-1.22.12-7.el9_8.1.src.rpm Related CVEs: CVE-2026-53705 Description of changes: [1.22.12-7.1] - Rebase rhel-9.8.0 from 1.18.4 to 1.22.12 to resync with rhel-9.7.0/c9s (this branch had regressed to a stale pre-1.22.12 base) Resolves: RHEL-156269, RHEL-156270 - Fix CVE-2026-53705: integer overflow in wavpack decoder, re-applied on top of the correct 1.22.12 base Resolves: RHEL-184477 [1.22.12-5] - Apply patches for CVE-2026-3083, CVE-2026-3085 Resolves: RHEL-156267, RHEL-156266 [1.22.12-4] - Apply patches for CVE-2024-47537, CVE-2024-47539, CVE-2024-47540 CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-47834 - Resolves: RHEL-70958, RHEL-70971, RHEL-71033, RHEL-71195 - Resolves: RHEL-71210, RHEL-71202, RHEL-71171, RHEL-71200 - Resolves: RHEL-71206, RHEL-71173, RHEL-71198, RHEL-71204 - Resolves: RHEL-71208, RHEL-71031, RHEL-71007, RHEL-71039 - Resolves: RHEL-71169, RHEL-71192, RHEL-71161, RHEL-71167 - Resolves: RHEL-71189 [1.22.12-3] - Rebuild - Resolves: RHEL-38511, RHEL-41157 [1.22.12-2] - Rebuild - Resolves: RHEL-38511,RHEL-41157 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated packages for Oracle Linux 9 address several security issues affecting gstreamer1-plugins-good. Learn more here.. Oracle Linux,gstreamer 1 plugins,security patch,plugin update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Oracle
217

Oracle Linux 8 gstreamer1-plugins-bad-free Important Fix ELSA-2026-37130

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-37130 http://linux.oracle.com/errata/ELSA-2026-37130.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.i686.rpm gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.16.1-8.0.1.el8_10.i686.rpm gstreamer1-plugins-bad-free-devel-1.16.1-8.0.1.el8_10.x86_64.rpm aarch64: gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.aarch64.rpm gstreamer1-plugins-bad-free-devel-1.16.1-8.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/gstreamer1-plugins-bad-free-1.16.1-8.0.1.el8_10.src.rpm Related CVEs: CVE-2026-52720 CVE-2026-52722 Description of changes: [1.16.1-8.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-8] - Fix for CVE-2026-52720: librfb framebuffer update rectangle validation Resolves: RHEL-184455 [1.16.1-7] - Fix integer overflow in vmncdec (CVE-2026-52722) Resolves: RHEL-184414 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated gstreamer1-plugins-bad-free for Oracle Linux 8 addresses Important issues with CVEs-2026-52720 and 2026-52722.. Oracle Linux, gstreamer1, security updates, plugin vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Oracle
217

Oracle Linux 8 ELSA-2026-36774 gstreamer1-plugins-good Important Issue

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-36774 http://linux.oracle.com/errata/ELSA-2026-36774.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gstreamer1-plugins-good-1.16.1-7.el8_10.i686.rpm gstreamer1-plugins-good-1.16.1-7.el8_10.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.1-7.el8_10.i686.rpm gstreamer1-plugins-good-gtk-1.16.1-7.el8_10.x86_64.rpm aarch64: gstreamer1-plugins-good-1.16.1-7.el8_10.aarch64.rpm gstreamer1-plugins-good-gtk-1.16.1-7.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/gstreamer1-plugins-good-1.16.1-7.el8_10.src.rpm Related CVEs: CVE-2026-53705 Description of changes: [1.16.1-7] - Fix integer overflow vulnerabilities in wavpackdec (CVE-2026-53705) Resolves: RHEL-184473 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux users should install gstreamer1-plugins-good to fix integer overflow issues as noted in ELSA-2026-36774.. Oracle Linux, gstreamer, security updates, plugin vulnerabilities, integer overflow. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Oracle
217

Oracle 389-ds Important Heap Integer Overflow Fix ELSA-2026-36201

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-36201 http://linux.oracle.com/errata/ELSA-2026-36201.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: 389-ds-base-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm 389-ds-base-devel-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm 389-ds-base-legacy-tools-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm 389-ds-base-libs-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm 389-ds-base-snmp-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.x86_64.rpm python3-lib389-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.noarch.rpm aarch64: 389-ds-base-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm 389-ds-base-devel-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm 389-ds-base-legacy-tools-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm 389-ds-base-libs-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm 389-ds-base-snmp-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.aarch64.rpm python3-lib389-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/389-ds-base-1.4.3.39-25.module+el8.10.0+90949+c5bfd23c.src.rpm Related CVEs: CVE-2026-11610 CVE-2026-11774 Description of changes: [1.4.3.39-25] - Bump version to 1.4.3.39-25 - Resolves: RHEL-182162 - EMBARGOED CVE-2026-11610 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND [rhel-8.10.z] - Resolves: RHEL-183102 - CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit [1.4.3.39-24] - Bump version to 1.4.3.39-24 - Resolves: RHEL-170278 - Memory leaks in syncrepl plugin during persistent search operations [rhel-8.10.z] - Resolves: RHEL-163375 - WARN - keys2idl - received NULL idl from index_read_ext_allids - Resolves: RHEL-159306 - ns-slapd crash in libdb possible memory corruption [rhel-8.10.z] - Resolves:RHEL-170284 - access log - suspicious wtime optime negative and large values in internal op [rhel-8.10.z] - Resolves: RHEL-170507 - ns-slapd fails to shutdown when deferred memberof update is in progress [rhel-8.10.z] - Resolves: RHEL-170509 - Crash in trim_changelog() during the Retro Changelog trimming [rhel-8.10.z] - Resolves: RHEL-170514 - Possible memory leak when using the Retro Changelog plugin [rhel-8.10.z] - Resolves: RHEL-170512 - Crash in replica_config_add when manually configuring a replica with an incorrect nsds5ReplicaRoot [rhel-8.10.z] - Resolves: RHEL-174523 - [RFE] Add OS-level thread names to all server threads [rhel-8.10.z] - Resolves: RHEL-170483 - test_vlv_recreation_reindex fails on LMDB [rhel-8.10.z] - Resolves: RHEL-178076 - CVE-2026-9064 389-ds:1.4/389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) [rhel-8.10.z] [1.4.3.39-23] - Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow [rhel-8.10.z] - Resolves: RHEL-152098 - Scalability issue of replication online initialization with large database [rhel-8.10.z] [1.4.3.39-22] - Resolves: RHEL-148485 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z] [1.4.3.39-21] - Resolves: RHEL-141419 - (&(cn:dn:=groups)) no longer returns results [rhel-8.10.z] - Resolves: RHEL-140272 - ipa-healthcheck is complaining about missing or incorrectly configured system indexes. [rhel-8.10.z] [1.4.3.39-20] - Resolves: RHEL-140086 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z] [1.4.3.39-19] - Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z] [1.4.3.39-18] - Reverts: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z] [1.4.3.39-17] - Resolves: RHEL-80491 - Can't rename users member ofautomember rule [rhel-8.10.z] - Resolves: RHEL-87191 - Some replication status data are reset upon a restart. [rhel-8.10.z] - Resolves: RHEL-89785 - Extend log of operations statistics in access log - Resolves: RHEL-111226 - Error showing local password policy on web UI [rhel-8.10.z] - Resolves: RHEL-113976 - AddressSanitizer: memory leak in memberof_add_memberof_attr [rhel-8.10.z] - Resolves: RHEL-117457 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups - Resolves: RHEL-117752 - Crash if repl keep alive entry can not be created [rhel-8.10.z] - Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z] - Resolves: RHEL-117765 - Statistics about index lookup report a wrong duration [rhel-8.10.z] - Resolves: RHEL-123228 - Improve the way to detect asynchronous operations in the access logs [rhel-8.10.z] - Resolves: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z] - Resolves: RHEL-123254 - Typo in errors log after a Memberof fixup task. [rhel-8.10.z] - Resolves: RHEL-123269 - LDAP high CPU usage while handling indexes with IDL scan limit at INT_MAX [rhel-8.10.z] - Resolves: RHEL-123276 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-8.10.z] - Resolves: RHEL-123363 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default [rhel-8.10.z] - Resolves: RHEL-123365 - IPA health check up script shows time skew is over 24 hours [rhel-8.10.z] - Resolves: RHEL-123920 - Changelog trimming - add number of scanned entries to the log [rhel-8.10.z] - Resolves: RHEL-126512 - Created user password hash available to see in audit log [rhel-8.10.z] - Resolves: RHEL-129578 - Fix paged result search locking [rhel-8.10.z] - Resolves: RHEL-130900 - On RHDS 12.6 The user password policy for a user was created, but the pwdpolicysubentry attribute for this user incorrectly points to the People OU passwordpolicy instead of the specific user policy. [rhel-8.10.z] [1.4.3.39-15] - Resolves: RHEL-109028 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules [rhel-8.10.z] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated RPMs for Oracle Linux 8 include fixes for important vulnerabilities such as heap buffer overflow and integer overflow.. Oracle Linux 8, 389-ds-base, Security Advisory, CVE-2026-11610, CVE-2026-11774. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Oracle
89

Fedora 43 Chromium High Risk Use After Free Vulnerabilities 2026-9a7d180869

Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9a7d180869 2026-07-12 00:58:35.903713+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 150.0.7871.114 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms *CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Than Ngo - 150.0.7871.114-1 - Update to 150.0.7871.114 * CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation inNavigation -------------------------------------------------------------------------------- References: [ 1 ] Bug #2498397 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498397 [ 2 ] Bug #2498398 - CVE-2026-15108 CVE-2026-15109 CVE-2026-15110 CVE-2026-15111 CVE-2026-15112 CVE-2026-15113 CVE-2026-15114 CVE-2026-15115 CVE-2026-15116 CVE-2026-15117 CVE-2026-15118 CVE-2026-15119 CVE-2026-15120 CVE-2026-15121 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498398 [ 3 ] Bug #2498404 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498404 [ 4 ] Bug #2498405 - CVE-2026-15126 chromium: Google Chrome Forms: Arbitrary code execution via use-after-free vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498405 [ 5 ] Bug #2498407 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498407 [ 6 ] Bug #2498408 - CVE-2026-15107 chromium: Google Chrome: Arbitrary code execution via use after free in IndexedDB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498408 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9a7d180869' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Addressing critical updates in Fedora 43 for chromium to mitigate severe security issues like use after free vulnerabilities and integer overflow.. Fedora browser security, chromium updates, open source vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 11, 2026 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200