An update that solves three vulnerabilities can now be installed.

# Security update for mozjs78

Announcement ID: SUSE-SU-2026:1956-1
Release Date: 2026-05-18T07:57:21Z
Rating: important

References:

* bsc#1259713
* bsc#1259728
* bsc#1259731

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

## Description:

This update for mozjs78 fixes the following issues:

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1956=1`
* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1956=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1956=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1956=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1956=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1956=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1956=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1956=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1956=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1956=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * mozjs78-devel-78.15.0-150400.3.17.1
  * libmozjs-78-0-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debuginfo-78.15.0-150400.3.17.1
  * mozjs78-debugsource-78.15.0-150400.3.17.1
  * libmozjs-78-0-78.15.0-150400.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731

Critical security update for mozjs78 fixing multiple issues with important severity, update now recommended.

Severity: Important. LinuxSecurity.com Team

MGASA-2026-0145 - Updated firefox & thunderbird packages fix security vulnerabilities

Publication date: 16 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0145.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-62813, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8090, CVE-2026-8092, CVE-2026-8094

Description:

LZ4 compression library issue. (CVE-2025-62813)
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776)
libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777)
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. (CVE-2026-32778)
Use-after-free in the DOM: Networking component. (CVE-2026-8090)
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092)
Another issue in the WebRTC component. (CVE-2026-8094)

References:

- https://bugs.mageia.org/show_bug.cgi?id=35508
- https://www.firefox.com/en-US/firefox/140.10.2/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.10.2esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8090
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8092
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8094

SRPMS:

- 9/core/firefox-140.10.2-1.mga9
- 9/core/firefox-l10n-140.10.2-1.mga9
- 9/core/thunderbird-140.10.2-1.mga9
- 9/core/thunderbird-l10n-140.10.2-1.mga9

Updated Firefox and Thunderbird packages address multiple security issues in Mageia 9. Critical fixes for memory safety and DTD parsing.

Severity: Important. LinuxSecurity.com Team

An update that solves three vulnerabilities can now be installed.

# Security update for mozjs128

Announcement ID: SUSE-SU-2026:21545-1
Release Date: 2026-05-05T00:25:19Z
Rating: important

References:

* bsc#1259713
* bsc#1259728
* bsc#1259731

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

## Description:

This update for mozjs128 fixes the following issues:

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  `zypper in -t patch SUSE-SLES-16.0-676=1`
* SUSE Linux Enterprise Server 16.0
  `zypper in -t patch SUSE-SLES-16.0-676=1`

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * mozjs128-128.14.0-160000.2.1
  * mozjs128-devel-128.14.0-160000.2.1
  * mozjs128-debugsource-128.14.0-160000.2.1
  * libmozjs-128-0-128.14.0-160000.2.1
  * libmozjs-128-0-debuginfo-128.14.0-160000.2.1
  * mozjs128-debuginfo-128.14.0-160000.2.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * mozjs128-128.14.0-160000.2.1
  * mozjs128-devel-128.14.0-160000.2.1
  * mozjs128-debugsource-128.14.0-160000.2.1
  * libmozjs-128-0-128.14.0-160000.2.1
  * libmozjs-128-0-debuginfo-128.14.0-160000.2.1
  * mozjs128-debuginfo-128.14.0-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731

Important SUSE security update for mozjs128 fixes critical issues including denial of service and null pointer risks.

Severity: Important. LinuxSecurity.com Team

An update that solves three vulnerabilities can now be installed.

# Security update for mozjs52

Announcement ID: SUSE-SU-2026:1742-1
Release Date: 2026-05-07T07:15:49Z
Rating: important

References:

* bsc#1259713
* bsc#1259728
* bsc#1259731

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

## Description:

This update for mozjs52 fixes the following issues:

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1742=1`

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * mozjs52-debuginfo-52.6.0-150000.3.12.1
  * mozjs52-debugsource-52.6.0-150000.3.12.1
  * libmozjs-52-52.6.0-150000.3.12.1
  * libmozjs-52-debuginfo-52.6.0-150000.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731

Three vulnerabilities in mozjs52 fixed by SUSE update ensure better system security and reliability.

Severity: Important. LinuxSecurity.com Team

Update to expat-2.7.4.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-298986b2a3
2026-02-15 01:28:07.972968+00:00
--------------------------------------------------------------------------------

Name        : mingw-expat
Product     : Fedora 42
Version     : 2.7.4
Release     : 1.fc42
URL         : http://www.libexpat.org/
Summary     : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may register
handlers.

--------------------------------------------------------------------------------
Update Information:

Update to expat-2.7.4.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Sandro Mani - 2.7.4-1
- Update to 2.7.4
* Fri Jan 16 2026 Fedora Release Engineering - 2.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2433616 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433616
  [ 2 ] Bug #2433618 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433618
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-298986b2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

MGASA-2025-0240 - Updated expat packages fix security vulnerabilities

Publication date: 18 Oct 2025
URL: https://advisories.mageia.org/MGASA-2025-0240.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8176, CVE-2025-59375

Description:

Improper restriction of xml entity expansion depth in libexpat. (CVE-2024-8176)
This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete.
Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. (CVE-2025-59375)

References:

- https://bugs.mageia.org/show_bug.cgi?id=34640
- https://bugs.mageia.org/show_bug.cgi?id=34111
- https://www.openwall.com/lists/oss-security/2025/09/24/11
- https://advisories.mageia.org/MGASA-2025-0109.html
- https://www.cve.org/CVERecord?id=CVE-2025-8176
- https://www.cve.org/CVERecord?id=CVE-2025-59375

SRPMS:

- 9/core/expat-2.7.3-1.mga9

Expat package updates in Mageia fix critical security issues related to XML parsing depth and memory allocation risks.

Severity: Critical. LinuxSecurity.com Team

MGASA-2025-0109 - Updated expat packages fix security vulnerability

Publication date: 22 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0109.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-8176

Description:

Improper restriction of xml entity expansion depth in libexpat. (CVE-2024-8176)

References:

- https://bugs.mageia.org/show_bug.cgi?id=34111
- https://www.openwall.com/lists/oss-security/2025/03/14/5
- https://www.cve.org/CVERecord?id=CVE-2024-8176

SRPMS:

- 9/core/expat-2.7.0-1.mga9

Updated expat packages address security flaws in XML processing for Mageia 9. Strongly recommended patches available now.

Severity: Critical. LinuxSecurity.com Team