Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for gsasl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21303-1 Rating: important References: * bsc#1268885 Cross-References: * CVE-2026-56968 CVSS scores: * CVE-2026-56968 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-56968 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for gsasl fixes the following issue - CVE-2026-56968: improper sanitization of a short challenge in `_gsasl_ntlm_client_step` of the NTLM client can lead to memory disclosure (bsc#1268885). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1214=1 Package List: - openSUSE Leap 16.0: gsasl-2.2.1-160000.4.1 gsasl-devel-2.2.1-160000.4.1 gsasl-lang-2.2.1-160000.4.1 libgsasl18-2.2.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-56968.html . An important update for openSUSE addressing a memory disclosure in gsasl. Install necessary patches promptly.. openSUSE gsasl update memory disclosure patch. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2026:2756-1 Release Date: 2026-07-03T19:25:50Z Rating: moderate References: * bsc#1260837 Cross-References: * CVE-2026-4887 CVSS scores: * CVE-2026-4887 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issue: * CVE-2026-4887: Memory disclosure and denial of service via specially crafted PCX image (bsc#1260837). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2756=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2756=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2756=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 *libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (x86_64) * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4887.html *https://bugzilla.suse.com/show_bug.cgi?id=1260837 . An essential update for gimp addressing a memory disclosure and denial of service issue is now available on SUSE systems.. gimp update, moderate security patch, memory disclosure fix, SUSE Linux security, openSUSE security advisory. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for gimp Announcement ID: SUSE-SU-2026:2756-1 Release Date: 2026-07-03T19:25:50Z Rating: moderate References: * bsc#1260837 Cross-References: * CVE-2026-4887 CVSS scores: * CVE-2026-4887 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-4887 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gimp fixes the following issue: * CVE-2026-4887: Memory disclosure and denial of service via specially crafted PCX image (bsc#1260837). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2756=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2756=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2756=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 *libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (x86_64) * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-32bit-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.53.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.53.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gimp-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * libgimpui-2_0-0-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-2.10.30-150400.3.53.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debuginfo-2.10.30-150400.3.53.1 * libgimp-2_0-0-2.10.30-150400.3.53.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.53.1 * gimp-debugsource-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-2.10.30-150400.3.53.1 * gimp-plugin-aa-2.10.30-150400.3.53.1 * gimp-devel-2.10.30-150400.3.53.1 * gimp-devel-debuginfo-2.10.30-150400.3.53.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.53.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4887.html *https://bugzilla.suse.com/show_bug.cgi?id=1260837 . # Security update for gimp Announcement ID: SUSE-SU-2026:2756-1 Release Date: 2026-07-03T19:25:50Z R. update, solves, vulnerability, installed, security, announcemen. . Severity: moderate. LinuxSecurity.com Team
Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. CVE-2026-42055 NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4667-1
Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. CVE-2026-42055 NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4660-1
Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosure. For the stable distribution (trixie), these problems have been fixed in version 1.26.3-3+deb13u7.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6374-1
Low: libpq security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:7016", "synopsis": "Low: libpq security update", "severity": "SEVERITY_LOW", "topic": "An update is available for libpq.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. \n\nSecurity Fix(es):\n\n* postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2165722", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2165722", "description": ""}], "cves": [{"name": "CVE-2022-41862", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41862", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-200"}], "references": [], "publishedAt": "2026-06-28T00:01:03.878968Z", "rpms": {"Rocky Linux 8": {"nvras": ["libpq-0:13.11-1.el8.src.rpm", "libpq-debuginfo-0:13.11-1.el8.aarch64.rpm", "libpq-debugsource-0:13.11-1.el8.aarch64.rpm", "libpq-devel-debuginfo-0:13.11-1.el8.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Libpq security update for Rocky Linux addresses low severity issues, ensuring better protection against memory disclosure vulnerabilities.. Rocky Linux security updates, libpq security fix, PostgreSQL client library, memory disclosure vulnerability.. Severity: Low. LinuxSecurity.com Team
Multiple security vulnerabilities were discovered in libssh2, a client-side C library implementing the SSH2 protocol which could result in memory disclosure, denial of service or potentially the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6365-1
Get the latest Linux and open source security news straight to your inbox.