
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 126 articles for you...

Oracle Linux 9 libexif Moderate Integer Issues Advisory ELSA-2026-22553

Oracle Linux Security Advisory ELSA-2026-22553
http://linux.oracle.com/errata/ELSA-2026-22553.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libexif-0.6.22-6.el9_8.1.i686.rpm
libexif-0.6.22-6.el9_8.1.x86_64.rpm
libexif-devel-0.6.22-6.el9_8.1.i686.rpm
libexif-devel-0.6.22-6.el9_8.1.x86_64.rpm

aarch64:
libexif-0.6.22-6.el9_8.1.aarch64.rpm
libexif-devel-0.6.22-6.el9_8.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/libexif-0.6.22-6.el9_8.1.src.rpm

Related CVEs:
CVE-2026-40385
CVE-2026-40386

Description of changes:

[0.6.22-6.1]
- Fix integer underflow in MakerNote decoding (CVE-2026-40386)
- Fix integer overflow in Nikon MakerNote handling (CVE-2026-40385)
Resolves: RHEL-170253, RHEL-170234

El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux 9 updates address moderate vulnerabilities in libexif, fixing integer issues. Stay patched for security!

Oracle Linux 9, libexif updates, moderate vulnerabilities, security advisory, integer underflow fix.

LinuxSecurity.com Team

Jun 26, 2026 Oracle

openSUSE StrongSwan Important Eight Issue Fix SUSE-SU-2026-2368-1

# Security update for strongswan

Announcement ID: SUSE-SU-2026:2368-1
Release Date: 2026-06-11T12:22:00Z
Rating: important

References:

* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261712
* bsc#1261717
* bsc#1261718
* bsc#1261720
* bsc#1266360

Cross-References:

* CVE-2026-35328
* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35331
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334
* CVE-2026-47895

CVSS scores:

* CVE-2026-35328 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47895 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47895 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712).
* CVE-2026-35329: null pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35331: accepting certificates violating name constraints (bsc#1261718).
* CVE-2026-35332: null pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: possible null pointer dereference in RSA decryption (bsc#1261720).
* CVE-2026-47895: double-free when destroying certain cloned identities (bsc#1266360).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2368=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2368=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-2368=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2368=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2368=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * strongswan-libs0-5.9.11-150400.19.35.1
  * strongswan-5.9.11-150400.19.35.1
  * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debugsource-5.9.11-150400.19.35.1
  * strongswan-ipsec-5.9.11-150400.19.35.1
  * strongswan-hmac-5.9.11-150400.19.35.1
  * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * strongswan-doc-5.9.11-150400.19.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-5.9.11-150400.19.35.1
  * strongswan-5.9.11-150400.19.35.1
  * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debugsource-5.9.11-150400.19.35.1
  * strongswan-ipsec-5.9.11-150400.19.35.1
  * strongswan-hmac-5.9.11-150400.19.35.1
  * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * strongswan-doc-5.9.11-150400.19.35.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * strongswan-nm-5.9.11-150400.19.35.1
  * strongswan-libs0-5.9.11-150400.19.35.1
  * strongswan-5.9.11-150400.19.35.1
  * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1
  * strongswan-nm-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debugsource-5.9.11-150400.19.35.1
  * strongswan-ipsec-5.9.11-150400.19.35.1
  * strongswan-sqlite-debuginfo-5.9.11-150400.19.35.1
  * strongswan-mysql-debuginfo-5.9.11-150400.19.35.1
  * strongswan-sqlite-5.9.11-150400.19.35.1
  * strongswan-hmac-5.9.11-150400.19.35.1
  * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1
  * strongswan-mysql-5.9.11-150400.19.35.1
* openSUSE Leap 15.4 (noarch)
  * strongswan-doc-5.9.11-150400.19.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * strongswan-libs0-5.9.11-150400.19.35.1
  * strongswan-5.9.11-150400.19.35.1
  * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debugsource-5.9.11-150400.19.35.1
  * strongswan-ipsec-5.9.11-150400.19.35.1
  * strongswan-hmac-5.9.11-150400.19.35.1
  * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * strongswan-doc-5.9.11-150400.19.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * strongswan-libs0-5.9.11-150400.19.35.1
  * strongswan-5.9.11-150400.19.35.1
  * strongswan-ipsec-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debuginfo-5.9.11-150400.19.35.1
  * strongswan-debugsource-5.9.11-150400.19.35.1
  * strongswan-ipsec-5.9.11-150400.19.35.1
  * strongswan-hmac-5.9.11-150400.19.35.1
  * strongswan-libs0-debuginfo-5.9.11-150400.19.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * strongswan-doc-5.9.11-150400.19.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35328.html
* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35331.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://www.suse.com/security/cve/CVE-2026-47895.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261712
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261718
* https://bugzilla.suse.com/show_bug.cgi?id=1261720
* https://bugzilla.suse.com/show_bug.cgi?id=1266360

An important security patch for strongswan that addresses eight critical issues for openSUSE systems.

strongswan security patch, openSUSE update, important vulnerability fix, Linux software update.

LinuxSecurity.com Team

Jun 11, 2026 OpenSUSE

openSUSE StrongSwan Important Integer Underflow Vuln SUSE-2026-2197-1

# Security update for strongswan

Announcement ID: SUSE-SU-2026:2197-1
Release Date: 2026-06-01T07:45:03Z
Rating: important

References:

* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261712
* bsc#1261717
* bsc#1261720

Cross-References:

* CVE-2026-35328
* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334

CVSS scores:

* CVE-2026-35328 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712).
* CVE-2026-35329: null pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35332: null pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: null pointer dereference in RSA decryption (bsc#1261720).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-2197=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2197=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2197=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * strongswan-debuginfo-5.9.12-150600.3.16.1
  * strongswan-mysql-debuginfo-5.9.12-150600.3.16.1
  * strongswan-ipsec-5.9.12-150600.3.16.1
  * strongswan-5.9.12-150600.3.16.1
  * strongswan-sqlite-debuginfo-5.9.12-150600.3.16.1
  * strongswan-hmac-5.9.12-150600.3.16.1
  * strongswan-libs0-5.9.12-150600.3.16.1
  * strongswan-libs0-debuginfo-5.9.12-150600.3.16.1
  * strongswan-ipsec-debuginfo-5.9.12-150600.3.16.1
  * strongswan-sqlite-5.9.12-150600.3.16.1
  * strongswan-nm-5.9.12-150600.3.16.1
  * strongswan-nm-debuginfo-5.9.12-150600.3.16.1
  * strongswan-debugsource-5.9.12-150600.3.16.1
  * strongswan-mysql-5.9.12-150600.3.16.1
* openSUSE Leap 15.6 (noarch)
  * strongswan-doc-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-debuginfo-5.9.12-150600.3.16.1
  * strongswan-ipsec-5.9.12-150600.3.16.1
  * strongswan-5.9.12-150600.3.16.1
  * strongswan-hmac-5.9.12-150600.3.16.1
  * strongswan-libs0-5.9.12-150600.3.16.1
  * strongswan-libs0-debuginfo-5.9.12-150600.3.16.1
  * strongswan-ipsec-debuginfo-5.9.12-150600.3.16.1
  * strongswan-debugsource-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * strongswan-doc-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * strongswan-debuginfo-5.9.12-150600.3.16.1
  * strongswan-ipsec-5.9.12-150600.3.16.1
  * strongswan-5.9.12-150600.3.16.1
  * strongswan-hmac-5.9.12-150600.3.16.1
  * strongswan-libs0-5.9.12-150600.3.16.1
  * strongswan-libs0-debuginfo-5.9.12-150600.3.16.1
  * strongswan-ipsec-debuginfo-5.9.12-150600.3.16.1
  * strongswan-debugsource-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * strongswan-doc-5.9.12-150600.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35328.html
* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261712
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261720

SUSE releases important security advisory for strongswan, addressing six significant issues. Update recommended.

strongswan update, security patch, SUSE vulnerabilities.

LinuxSecurity.com Team

Jun 01, 2026 SuSE

SUSE 12 SP5 StrongSwan Important Security Advisory 2026-1762-1

# Security update for strongswan

Announcement ID: SUSE-SU-2026:1762-1
Release Date: 2026-05-08T08:58:30Z
Rating: important

References:

* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261717
* bsc#1261718
* bsc#1261720

Cross-References:

* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35331
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334

CVSS scores:

* CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35329: NULL pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35331: acceptance of certificates violating X.509 name constraints (bsc#1261718).
* CVE-2026-35332: NULL pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: possible NULL pointer dereference in RSA decryption (bsc#1261720).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1762=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1762=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-5.1.3-26.35.1
  * strongswan-hmac-5.1.3-26.35.1
  * strongswan-ipsec-5.1.3-26.35.1
  * strongswan-ipsec-debuginfo-5.1.3-26.35.1
  * strongswan-5.1.3-26.35.1
  * strongswan-debugsource-5.1.3-26.35.1
  * strongswan-libs0-debuginfo-5.1.3-26.35.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * strongswan-doc-5.1.3-26.35.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * strongswan-libs0-5.1.3-26.35.1
  * strongswan-hmac-5.1.3-26.35.1
  * strongswan-ipsec-5.1.3-26.35.1
  * strongswan-ipsec-debuginfo-5.1.3-26.35.1
  * strongswan-5.1.3-26.35.1
  * strongswan-debugsource-5.1.3-26.35.1
  * strongswan-libs0-debuginfo-5.1.3-26.35.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * strongswan-doc-5.1.3-26.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35331.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261718
* https://bugzilla.suse.com/show_bug.cgi?id=1261720

An important update for SUSE strongswan releases addresses six security issues, ensuring system safety and functionality.

SUSE strongswan security patch, SUSE vulnerabilities, strongswan update.

LinuxSecurity.com Team

May 08, 2026 SuSE

Mageia 9 libexif Important Integer Underflow Risks MGASA-2026-0112

MGASA-2026-0112 - Updated libexif packages fix security vulnerabilities

Publication date: 07 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0112.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-32775, CVE-2026-40385, CVE-2026-40386

Description:

CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

CVE-2026-40386: In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=35368
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.368011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386

SRPMS:
- 9/core/libexif-0.6.26-1.mga9

Updated libexif packages for Mageia address critical security threats with integer underflow and crashes.

Mageia security advisory, libexif vulnerabilities, information leak risks, integer underflow prevention.

LinuxSecurity.com Team

May 07, 2026 Mageia

Ubuntu Orion 21 RLBM-2023-67890 wayland-test-utility Critical System Error

Important: xorg-x11-server-Xwayland security update.

{
  "type": "TYPE_SECURITY",
  "shortCode": "RL",
  "name": "RLSA-2026:11352",
  "synopsis": "Important: xorg-x11-server-Xwayland security update",
  "severity": "SEVERITY_IMPORTANT",
  "topic": "An update is available for xorg-x11-server-Xwayland.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list",
  "description": "Xwayland is an X server for running X clients under Wayland.\n\nSecurity Fix(es):\n\n* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)\n\n* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)\n\n* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "solution": null,
  "affectedProducts": ["Rocky Linux 10"],
  "fixes": [
    {"ticket": "2451106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451106", "description": ""},
    {"ticket": "2451109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451109", "description": ""},
    {"ticket": "2451113", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113", "description": ""}
  ],
  "cves": [
    {"name": "CVE-2026-33999", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33999", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-191"},
    {"name": "CVE-2026-34001", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34001", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-825"},
    {"name": "CVE-2026-34003", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34003", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-125"}
  ],
  "references": [],
  "publishedAt": "2026-05-01T12:06:42.394267Z",
  "rpms": {
    "Rocky Linux 10": {
      "nvras": [
        "xorg-x11-server-Xwayland-0:24.1.5-6.el10_1.aarch64.rpm",
        "xorg-x11-server-Xwayland-debuginfo-0:24.1.5-6.el10_1.ppc64le.rpm",
        "xorg-x11-server-Xwayland-debugsource-0:24.1.5-6.el10_1.x86_64.rpm",
        "xorg-x11-server-Xwayland-debugsource-0:24.1.5-6.el10_1.aarch64.rpm",
        "xorg-x11-server-Xwayland-0:24.1.5-6.el10_1.src.rpm",
        "xorg-x11-server-Xwayland-0:24.1.5-6.el10_1.ppc64le.rpm",
        "xorg-x11-server-Xwayland-debuginfo-0:24.1.5-6.el10_1.s390x.rpm",
        "xorg-x11-server-Xwayland-devel-0:24.1.5-6.el10_1.ppc64le.rpm",
        "xorg-x11-server-Xwayland-devel-0:24.1.5-6.el10_1.aarch64.rpm",
        "xorg-x11-server-Xwayland-devel-0:24.1.5-6.el10_1.x86_64.rpm",
        "xorg-x11-server-Xwayland-debugsource-0:24.1.5-6.el10_1.ppc64le.rpm",
        "xorg-x11-server-Xwayland-debuginfo-0:24.1.5-6.el10_1.x86_64.rpm",
        "xorg-x11-server-Xwayland-devel-0:24.1.5-6.el10_1.s390x.rpm",
        "xorg-x11-server-Xwayland-0:24.1.5-6.el10_1.s390x.rpm",
        "xorg-x11-server-Xwayland-debuginfo-0:24.1.5-6.el10_1.aarch64.rpm",
        "xorg-x11-server-Xwayland-0:24.1.5-6.el10_1.x86_64.rpm",
        "xorg-x11-server-Xwayland-debugsource-0:24.1.5-6.el10_1.s390x.rpm"
      ]
    }
  },
  "rebootSuggested": false,
  "buildReferences": []
}

Important security update for Xwayland addressing denial of service and use-after-free vulnerabilities in Rocky Linux.

Rocky Linux update.

LinuxSecurity.com Team

May 01, 2026 Rocky Linux

Fedora 42 python-cbor2 Critical Integer Underflow DoS 2026-0afc953516

Fedora Update Notification
FEDORA-2026-0afc953516
2026-04-22 11:41:11.030775+00:00

Name : python-cbor2
Product : Fedora 42
Version : 5.6.5
Release : 8.fc42
URL : https://github.com/agronholm/cbor2
Summary : Python CBOR (de)serializer with extensive tag support
Description :
This library provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 7049) serialization format.

Update Information:

Backport upstream patch for CVE-2025-64076

ChangeLog:

* Fri Apr 10 2026 Carl George - 5.6.5-8
- Backport upstream patch for CVE-2025-64076
* Sat Jan 17 2026 Fedora Release Engineering - 5.6.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Sep 19 2025 Python Maint - 5.6.5-6
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 5.6.5-5
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering - 5.6.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Python Maint - 5.6.5-3
- Rebuilt for Python 3.14

References:

[ 1 ] Bug #2418105 - CVE-2025-64076 python-cbor2: cbor2: Integer Underflow and Memory Leak leading to Denial of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418105

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0afc953516' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

Backport patch for CVE-2025-64076 in python-cbor2 of Fedora 42 to prevent integer underflow and DoS.

python cbor2 security patch.

LinuxSecurity.com Team

Apr 22, 2026 Fedora

openSUSE Leap StrongSwan Important Network Access Issues 2026-20547-1

openSUSE security update: security update for strongswan

Announcement ID: openSUSE-SU-2026:20547-1
Rating: important

References:

* bsc#1257359
* bsc#1259472

Cross-References:

* CVE-2025-9615
* CVE-2026-25075

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for strongswan fixes the following issues:

Update to strongswan 6.0.4:

- CVE-2025-9615: NetworkManager File Access (bsc#1257359).
- CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).

Changes for strongswan:

- Fixed a vulnerability in the NetworkManager plugin that potentially allows using credentials of other local users. This vulnerability has been registered as CVE-2025-9615.
- The maximum supported length for section names in swanctl.conf has been increased to the upper limit of 256 characters that's enforced by VICI.
- Prevent a crash if a confused peer rekeys a Child SA twice before sending a delete.
- Fixed a memory leak if a peer's self-signed certificate is untrusted.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-570=1

Package List:

- openSUSE Leap 16.0:
  strongswan-6.0.4-160000.1.1
  strongswan-doc-6.0.4-160000.1.1
  strongswan-fips-6.0.4-160000.1.1
  strongswan-ipsec-6.0.4-160000.1.1
  strongswan-mysql-6.0.4-160000.1.1
  strongswan-nm-6.0.4-160000.1.1
  strongswan-sqlite-6.0.4-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://www.suse.com/security/cve/CVE-2026-25075.html

Important security advisory for openSUSE strongswan fixes issues including network access vulnerabilities and integer underflow.

strongswan update, openSUSE advisory, security patch.

LinuxSecurity.com Team

Apr 21, 2026 OpenSUSE