Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 219 articles for you...
202

openSUSE gsasl Significant Memory Exposure Resolution 2026-21303-1

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for gsasl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21303-1 Rating: important References: * bsc#1268885 Cross-References: * CVE-2026-56968 CVSS scores: * CVE-2026-56968 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-56968 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for gsasl fixes the following issue - CVE-2026-56968: improper sanitization of a short challenge in `_gsasl_ntlm_client_step` of the NTLM client can lead to memory disclosure (bsc#1268885). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1214=1 Package List: - openSUSE Leap 16.0: gsasl-2.2.1-160000.4.1 gsasl-devel-2.2.1-160000.4.1 gsasl-lang-2.2.1-160000.4.1 libgsasl18-2.2.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-56968.html . An important update for openSUSE addressing a memory disclosure in gsasl. Install necessary patches promptly.. openSUSE gsasl update memory disclosure patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important OpenSUSE
100

openSUSE gimp Moderate Memory Disclosure DoS Vulnerability 2026-2756-1

An update that solves one vulnerability can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2026:2756-1 Release Date: 2026-07-03T19:25:50Z Rating: moderate References: * bsc#1260837 Cross-References: * CVE-2026-4887 CVSS scores: * CVE-2026-4887 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issue: * CVE-2026-4887: Memory disclosure and denial of service via specially crafted PCX image (bsc#1260837). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2756=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2756=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2756=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 *libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (x86_64) * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4887.html *https://bugzilla.suse.com/show_bug.cgi?id=1260837 . An essential update for gimp addressing a memory disclosure and denial of service issue is now available on SUSE systems.. gimp update, moderate security patch, memory disclosure fix, SUSE Linux security, openSUSE security advisory. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 moderate SuSE
202

openSUSE Gimp Moderate Memory Leak Denial of Service 2026-2756-1

An update that solves one vulnerability can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2026:2756-1 Release Date: 2026-07-03T19:25:50Z Rating: moderate References: * bsc#1260837 Cross-References: * CVE-2026-4887 CVSS scores: * CVE-2026-4887 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issue: * CVE-2026-4887: Memory disclosure and denial of service via specially crafted PCX image (bsc#1260837). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2756=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2756=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2756=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 *libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (x86_64) * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4887.html *https://bugzilla.suse.com/show_bug.cgi?id=1260837 . # Security update for gimp Announcement ID: SUSE-SU-2026:2756-1 Release Date: 2026-07-03T19:25:50Z R. update, solves, vulnerability, installed, security, announcemen. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 moderate OpenSUSE
197

Debian LTS nginx Critical Remote Code Exec Denial of Service DLA-4667-1

Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. CVE-2026-42055 NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4667-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Carlos Henrique Lima Melara July 03, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : nginx Version : 1.22.1-9+deb12u9 CVE ID : CVE-2026-42055 CVE-2026-48142 Debian Bug : 1140359 1140361 Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. CVE-2026-42055 NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. CVE-2026-48142 NGINX Open Source has a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote,unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. For Debian 12 bookworm, these problems have been fixed in version 1.22.1-9+deb12u9. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ensure your systems are secure by upgrading to the fixed Nginx version addressing critical vulnerabilities.. Nginx security update, Debian LTS advisory, RCE vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Critical Debian LTS
197

Debian LTS Nginx Critical Remote Code Exec Denial of Service DLA-4660-1

Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. CVE-2026-42055 NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4660-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Carlos Henrique Lima Melara June 30, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : nginx Version : 1.18.0-6.1+deb11u8 CVE ID : CVE-2026-42055 CVE-2026-48142 Debian Bug : 1138794 1140359 1140361 Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. CVE-2026-42055 NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. CVE-2026-48142 NGINX Open Source has a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote,unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. No CVE assigned yet HTTP/2 Bomb denial of service For Debian 11 bullseye, these problems have been fixed in version 1.18.0-6.1+deb11u8. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in Nginx can lead to remote code execution, denial of service, and memory disclosure. Upgrade recommended.. Nginx security update, remote code execution, memory disclosure vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Critical Debian LTS
87

Debian nginx Critical Remote Code Execution Denial of Service DSA-6374-1

Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. For the stable distribution (trixie), these problems have been fixed in version 1.26.3-3+deb13u7.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6374-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso June 30, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2026-42055 CVE-2026-48142 Debian Bug : 1140359 1140361 Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. For the stable distribution (trixie), these problems have been fixed in version 1.26.3-3+deb13u7. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-6374-1 fixes multiple critical vulnerabilities in nginx affecting stable trixie release.. Debian nginx vulnerabilities remote code execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Critical Debian
219

Rocky Linux 8 Libpq Limited Memory Information Leak Issue RLSA-2023-7016

Low: libpq security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:7016", "synopsis": "Low: libpq security update", "severity": "SEVERITY_LOW", "topic": "An update is available for libpq.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. \n\nSecurity Fix(es):\n\n* postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2165722", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2165722", "description": ""}], "cves": [{"name": "CVE-2022-41862", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41862", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-200"}], "references": [], "publishedAt": "2026-06-28T00:01:03.878968Z", "rpms": {"Rocky Linux 8": {"nvras": ["libpq-0:13.11-1.el8.src.rpm", "libpq-debuginfo-0:13.11-1.el8.aarch64.rpm", "libpq-debugsource-0:13.11-1.el8.aarch64.rpm", "libpq-devel-debuginfo-0:13.11-1.el8.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Libpq security update for Rocky Linux addresses low severity issues, ensuring better protection against memory disclosure vulnerabilities.. Rocky Linux security updates, libpq security fix, PostgreSQL client library, memory disclosure vulnerability.. Severity: Low. LinuxSecurity.com Team

Calendar%202 Jun 28, 2026 Low Rocky Linux
87

Debian libssh2 Critical Memory Disclosure DoS Exec Code DSA-6365-1

Multiple security vulnerabilities were discovered in libssh2, a client-side C library implementing the SSH2 protocol which could result in memory disclosure, denial of service or potentially the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6365-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libssh2 CVE ID : CVE-2025-15661 CVE-2026-7598 CVE-2026-55199 CVE-2026-55200 Multiple security vulnerabilities were discovered in libssh2, a client-side C library implementing the SSH2 protocol which could result in memory disclosure, denial of service or potentially the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in version 1.11.1-1+deb13u1. We recommend that you upgrade your libssh2 packages. For the detailed security status of libssh2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libssh2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Numerous security flaws found in libssh2 could lead to memory disclosure, DoS, or arbitrary code execution. Update advised.. libssh2 security fix, Debian advisory, security vulnerabilities, memory disclosure, denial of service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200