An update that solves two vulnerabilities can now be installed.

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21295-1
Release Date: 2026-04-22T17:14:01Z
Rating: important

References:

  * bsc#1255066
  * bsc#1259859

Cross-References:

  * CVE-2025-40309
  * CVE-2026-23268

CVSS scores:

  * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues.

The following security issues were fixed:

  * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-358=1

## Package List:

  * SUSE Linux Micro 6.1 (s390x x86_64)
    * kernel-livepatch-6_4_0-30-default-15-1.2
    * kernel-livepatch-6_4_0-30-default-debuginfo-15-1.2
    * kernel-livepatch-MICRO-6-0_Update_8-debugsource-15-1.2

## References:

  * https://www.suse.com/security/cve/CVE-2025-40309.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255066
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859
An important update for SUSE Linux Micro 6.0 addresses critical kernel vulnerabilities. Install recommended fixes. SUSE Linux Micro Kernel Update Important Bluetooth AppArmor. Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.

# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1611-1
Release Date: 2026-04-24T14:06:13Z
Rating: important

References:

  * bsc#1258396
  * bsc#1259859

Cross-References:

  * CVE-2026-23191
  * CVE-2026-23268

CVSS scores:

  * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Live Patching 12-SP5
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Live Patching 15-SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues.

The following security issues were fixed:

  * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 12-SP5
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1611=1

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1612=1

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1612=1

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2026-1614=1 SUSE-2026-1615=1 SUSE-2026-1616=1

  * SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1614=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1615=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1616=1

## Package List:

  * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
    * kgraft-patch-4_12_14-122_261-default-13-2.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_46-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_184-default-5-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_46-debugsource-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-5-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_184-default-5-150400.2.1
  * openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_116-default-13-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-13-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_31-debugsource-8-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-5-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_124-default-8-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-5-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_34-debugsource-5-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-8-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_29-debugsource-13-150500.2.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_116-default-13-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_31-debugsource-8-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-13-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-5-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_124-default-8-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-5-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_34-debugsource-5-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-8-150500.2.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
    * kernel-livepatch-SLE15-SP5_Update_29-debugsource-13-150500.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23191.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1258396
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

Install important kernel update for SUSE Linux to fix access issues. Security vulnerabilities addressed to protect integrity. SUSE Linux, kernel security, important patch, access management, threat mitigation. Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1447-1
Release Date: 2026-04-18T05:34:54Z
Rating: important

References:

  * bsc#1255066
  * bsc#1259859

Cross-References:

  * CVE-2025-40309
  * CVE-2026-23268

CVSS scores:

  * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise Live Patching 15-SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues.

The following security issues were fixed:

  * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP7
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1453=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1447=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1448=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1449=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1450=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1451=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1452=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
    * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-6-150700.2.1
    * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-9-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-13-150700.2.1
    * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-14-150700.3.1
    * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-9-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_3-rt-14-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-6-150700.2.1
    * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-14-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-9-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-5-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_8-rt-13-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_22-rt-5-150700.2.1
    * kernel-livepatch-6_4_0-150700_5-rt-14-150700.3.1
    * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-13-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-14-150700.2.1
    * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-5-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_16-rt-9-150700.2.1
    * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-14-150700.3.1
    * kernel-livepatch-6_4_0-150700_7_13-rt-9-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_19-rt-6-150700.2.1
    * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-9-150700.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-40309.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255066
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

Two vulnerabilities in SUSE Linux Kernel RT Live Patch 6 resolved with this important advisory update. SUSE Linux, Kernel Update, RT Patch, Security Threat, Local User Access. Severity: Important. LinuxSecurity.com Team
New cups packages are available for Slackware 15.0 and -current to fix security issues.

[slackware-security]  cups (SSA:2026-107-01)

New cups packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/cups-2.4.17-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  The scheduler treated local user and group names as case-insensitive.
  The RSS notifier could write outside the scheduler's RSS directory.
  The scheduler did not filter control characters from option values.
  The scheduler did not always allocate enough memory for a job's options string.
  The scheduler incorrectly allowed local certificates over the loopback interface.
  Fixed the range check for job password strings.
  Fixed a printer subscription bug in the scheduler.
  Fixed a SNMP string conversion bug in the backends.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-27447
    https://www.cve.org/CVERecord?id=CVE-2026-34978
    https://www.cve.org/CVERecord?id=CVE-2026-34980
    https://www.cve.org/CVERecord?id=CVE-2026-34979
    https://www.cve.org/CVERecord?id=CVE-2026-34990
    https://www.cve.org/CVERecord?id=CVE-2026-39314
    https://www.cve.org/CVERecord?id=CVE-2026-39316
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/cups-2.4.17-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/cups-2.4.17-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-2.4.17-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-2.4.17-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
15ee7bfb8e0ca621d29bcf59c552f447  cups-2.4.17-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
ef69faf669400eabc802d9440e32a80c  cups-2.4.17-x86_64-1_slack15.0.txz

Slackware -current package:
4589040f31a586a6bf655a3f40a7e779  ap/cups-2.4.17-i686-1.txz

Slackware x86_64 -current package:
44399b8feb3899536794d5d2b79fc710  ap/cups-2.4.17-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg cups-2.4.17-i586-1_slack15.0.txz

Then, restart the cups server:
# sh /etc/rc.d/rc.cups restart

+-----+

CUPS security update for Slackware 15.0 addresses critical flaws to enhance printer server safety and functionality. CUPS update Slackware security local access issues. Severity: Critical. LinuxSecurity.com Team
An update that solves 11 vulnerabilities and has two security fixes can now be installed.

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:0984-1
Release Date: 2026-03-23T22:20:54Z
Rating: important

References:

  * bsc#1238917
  * bsc#1255075
  * bsc#1256645
  * bsc#1257231
  * bsc#1257473
  * bsc#1257732
  * bsc#1257735
  * bsc#1258340
  * bsc#1258395
  * bsc#1258518
  * bsc#1258849
  * bsc#1258850
  * bsc#1259857

Cross-References:

  * CVE-2025-21738
  * CVE-2025-40242
  * CVE-2025-71066
  * CVE-2026-23004
  * CVE-2026-23054
  * CVE-2026-23060
  * CVE-2026-23191
  * CVE-2026-23204
  * CVE-2026-23209
  * CVE-2026-23268
  * CVE-2026-23269

CVSS scores:

  * CVE-2025-21738 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-40242 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40242 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23060 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23269 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves 11 vulnerabilities and has two security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  * CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
  * CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
  * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
  * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
  * CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. (CVE-2024-46544)

MGASA-2024-0315 - Updated apache-mod_jk packages fix security vulnerability

Publication date: 27 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0315.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-46544

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. (CVE-2024-46544)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33586
- https://www.openwall.com/lists/oss-security/2024/09/23/1
- https://www.cve.org/CVERecord?id=CVE-2024-46544

SRPMS:
- 9/core/apache-mod_jk-1.2.50-1.mga9

Revised Nginx mod_proxy modules address vulnerabilities related to user permissions and configuration integrity. apache mod_jk, permissions flaw, security update. LinuxSecurity.com Team
Important: subscription-manager security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:4708", "synopsis": "Important: subscription-manager security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for subscription-manager.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Rocky Enterprise Software Foundation entitlement platform.\n\nSecurity Fix(es):\n\n* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2225407", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2225407", "description": ""}], "cves": [{"name": "CVE-2023-3899", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-3899", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2023-08-24T04:21:33.856417Z", "rpms": {"Rocky Linux 9": {"nvras": ["libdnf-plugin-subscription-manager-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", "libdnf-plugin-subscription-manager-debuginfo-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", "python3-cloud-what-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", "python3-subscription-manager-rhsm-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", "python3-subscription-manager-rhsm-debuginfo-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", 
"subscription-manager-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm","subscription-manager-0:1.29.33.1-2.el9_2.rocky.0.1.src.rpm", "subscription-manager-debuginfo-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", "subscription-manager-debugsource-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm", "subscription-manager-plugin-ostree-0:1.29.33.1-2.el9_2.rocky.0.1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A crucial update for subscription-manager has been released for Rocky Linux 9, addressing a significant security vulnerability related to local user permissions.. subscription-manager update, Rocky Linux security, local user access, authorization flaw. . Severity: Important. LinuxSecurity.com Team
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: subscription-manager security update
Advisory ID:       RHSA-2023:4705-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4705
Issue date:        2023-08-22
CVE Names:         CVE-2023-3899
=====================================================================

1. Summary:

An update for subscription-manager is now available for Red Hat Enterprise
Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow
users to manage subscriptions and yum repositories from the Red Hat
entitlement platform.

Security Fix(es):

* subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus
interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.6): aarch64: dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm rhsm-gtk-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-migration-1.28.29.1-2.el8_6.aarch64.rpm ppc64le: dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm rhsm-gtk-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-migration-1.28.29.1-2.el8_6.ppc64le.rpm s390x: dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.s390x.rpm rhsm-gtk-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-migration-1.28.29.1-2.el8_6.s390x.rpm x86_64: dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm rhsm-gtk-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-initial-setup-addon-1.28.29.1-2.el8_6.x86_64.rpm 
subscription-manager-migration-1.28.29.1-2.el8_6.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS(v.8.6): Source: subscription-manager-1.28.29.1-2.el8_6.src.rpm aarch64: dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.aarch64.rpm dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm python3-cloud-what-1.28.29.1-2.el8_6.aarch64.rpm python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.aarch64.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm python3-syspurpose-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.aarch64.rpm subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.aarch64.rpm noarch: rhsm-icons-1.28.29.1-2.el8_6.noarch.rpm subscription-manager-cockpit-1.28.29.1-2.el8_6.noarch.rpm ppc64le: dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.ppc64le.rpm dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm python3-cloud-what-1.28.29.1-2.el8_6.ppc64le.rpm python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.ppc64le.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm python3-syspurpose-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.ppc64le.rpm subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.ppc64le.rpm s390x: dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.s390x.rpm dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm python3-cloud-what-1.28.29.1-2.el8_6.s390x.rpm python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.s390x.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.s390x.rpm 
python3-syspurpose-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.s390x.rpm subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.s390x.rpm x86_64: dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.x86_64.rpm dnf-plugin-subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm python3-cloud-what-1.28.29.1-2.el8_6.x86_64.rpm python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.x86_64.rpm python3-subscription-manager-rhsm-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm python3-syspurpose-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-debuginfo-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-debugsource-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-plugin-ostree-1.28.29.1-2.el8_6.x86_64.rpm subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. 