Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 587 articles for you...
89

Fedora 43 ClamAV Critical Multiple Issues Fix 2026-144f87ee92

Fixes for multiple CVEs https://github.com/Cisco- Talos/clamav/releases/tag/clamav-1.4.5. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-144f87ee92 2026-07-07 01:08:27.509767+00:00 -------------------------------------------------------------------------------- Name : clamav Product : Fedora 43 Version : 1.4.5 Release : 1.fc43 URL : https://www.clamav.net/ Summary : End-user tools for the Clam Antivirus scanner Description : Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. -------------------------------------------------------------------------------- Update Information: Fixes for multiple CVEs https://github.com/Cisco- Talos/clamav/releases/tag/clamav-1.4.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2026 Gwyn Ciesla - 1.4.5-1 - Update to 1.4.5 * Fri Jun 12 2026 Yaakov Selkowitz - 1.4.4-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-144f87ee92' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPGkeys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Multiple critical fixes for clamav in Fedora 43. Ensure your system is secure with the latest updates.. clamav security fix, Fedora update, antivirus vulnerability, system patching. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Critical Fedora
87

Debian BIRD3 Denial of Service Vulnerabilities DSA-6379-1

Multiple security vulnerabilities were discovered in the BIRD internet routing daemon, which could result in denial of service. For the stable distribution (trixie), this problem has been fixed in version 3.1.7-0+deb13u1. We recommend that you upgrade your bird3 packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6379-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bird3 CVE ID : not yet available Multiple security vulnerabilities were discovered in the BIRD internet routing daemon, which could result in denial of service. For the stable distribution (trixie), this problem has been fixed in version 3.1.7-0+deb13u1. We recommend that you upgrade your bird3 packages. For the detailed security status of bird3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bird3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple vulnerabilities in the BIRD routing daemon for Debian trixie fixed in version 3.1.7-0+deb13u1. Upgrade recommended.. BIRD Daemon Debian Security Update 2026. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 05, 2026 Critical Debian
202

openSUSE Buildah Important Security Patch for 25 Issues 2026-2733-1

An update that solves 25 vulnerabilities can now be installed.. # Security update for buildah Announcement ID: SUSE-SU-2026:2733-1 Release Date: 2026-07-02T18:05:10Z Rating: important References: * bsc#1262953 * bsc#1266191 * bsc#1266648 * bsc#1267179 Cross-References: * CVE-2025-22869 * CVE-2025-27144 * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-52881 * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-34986 * CVE-2026-39821 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-42502 * CVE-2026-42506 * CVE-2026-42508 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-27144 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-27144 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52881 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-39828 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-39830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39832 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-39835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-46595 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for buildah fixes the following issues * CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267179). * CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262953). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266648). * CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses ingolang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266191). * CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266191). * CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266191). * CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266191). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2733=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2733=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2733=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2733=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2733=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP5-2026-2733=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2733=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2733=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * buildah-1.35.5-150500.3.62.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.62.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22869.html * https://www.suse.com/security/cve/CVE-2025-27144.html * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-52881.html * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html *https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html * https://bugzilla.suse.com/show_bug.cgi?id=1262953 * https://bugzilla.suse.com/show_bug.cgi?id=1266191 * https://bugzilla.suse.com/show_bug.cgi?id=1266648 * https://bugzilla.suse.com/show_bug.cgi?id=1267179 . # Security update for buildah Announcement ID: SUSE-SU-2026:2733-1 Release Date: 2026-07-02T18:05:10. update, solves, vulnerabilities, installed, security, buildah, announc. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important OpenSUSE
202

openSUSE mcphost Important Security Update DoS Issues 2026-21120-1

An update that solves 20 vulnerabilities and has 4 bug fixes can now be installed.. openSUSE security update: security update for mcphost ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21120-1 Rating: important References: * bsc#1265730 * bsc#1266145 * bsc#1266572 * bsc#1267109 Cross-References: * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-33814 * CVE-2026-39821 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-42502 * CVE-2026-42506 * CVE-2026-42508 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( SUSE ): 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 20 vulnerabilities and has 4 bug fixes can now be installed. Description: This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267109). - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265730). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266572). - CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266145). - CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266145). - CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266145). - CVE-2026-46595:Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266145). - CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266145). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-985=1 Package List: - openSUSE Leap 16.0: mcphost-0.34.0-160000.2.1 mcphost-bash-completion-0.34.0-160000.2.1 mcphost-fish-completion-0.34.0-160000.2.1 mcphost-zsh-completion-0.34.0-160000.2.1 References: * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html * https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html . A critical openSUSE updateanalyzing security risks with mcphost, addressing multiple vulnerabilities and critical issues.. openSUSE mcphost security update important. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Important OpenSUSE
87

Debian Trixie LibreOffice Critical DoS Arbitrary Code Execution DSA-6346-1

Multiple security vulnerabilities were discovered in LibreOffice, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened. For the stable distribution (trixie), these problems have been fixed in version 4:25.2.3-2+deb13u5.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6346-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libreoffice CVE ID : CVE-2026-6039 CVE-2026-6040 CVE-2026-6045 CVE-2026-8356 CVE-2026-8357 CVE-2026-8358 Multiple security vulnerabilities were discovered in LibreOffice, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened. For the stable distribution (trixie), these problems have been fixed in version 4:25.2.3-2+deb13u5. We recommend that you upgrade your libreoffice packages. For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Discover critical vulnerabilities in LibreOffice on Debian trixie leading to DoS and arbitrary code execution. Update recommended.. Debian Security Advisory, LibreOffice Vulnerabilities, Denial of Service, CVE-2026-6039, CVE-2026-6040. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 15, 2026 Critical Debian
202

openSUSE Tumbleweed chromedriver Moderate Security Update 2026-11029-1

An update that solves 28 vulnerabilities can now be installed.. # chromedriver-149.0.7827.114-1.1 on GA media Announcement ID: openSUSE-SU-2026:11029-1 Rating: moderate Cross-References: * CVE-2026-12007 * CVE-2026-12008 * CVE-2026-12009 * CVE-2026-12010 * CVE-2026-12011 * CVE-2026-12012 * CVE-2026-12013 * CVE-2026-12014 * CVE-2026-12015 * CVE-2026-12016 * CVE-2026-12017 * CVE-2026-12018 * CVE-2026-12019 * CVE-2026-12020 * CVE-2026-12022 * CVE-2026-12023 * CVE-2026-12024 * CVE-2026-12025 * CVE-2026-12026 * CVE-2026-12027 * CVE-2026-12028 * CVE-2026-12029 * CVE-2026-12030 * CVE-2026-12031 * CVE-2026-12032 * CVE-2026-12033 * CVE-2026-12034 * CVE-2026-12035 Affected Products: * openSUSE Tumbleweed An update that solves 28 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the chromedriver-149.0.7827.114-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * chromedriver 149.0.7827.114-1.1 * chromium 149.0.7827.114-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-12007.html * https://www.suse.com/security/cve/CVE-2026-12008.html * https://www.suse.com/security/cve/CVE-2026-12009.html * https://www.suse.com/security/cve/CVE-2026-12010.html * https://www.suse.com/security/cve/CVE-2026-12011.html * https://www.suse.com/security/cve/CVE-2026-12012.html * https://www.suse.com/security/cve/CVE-2026-12013.html * https://www.suse.com/security/cve/CVE-2026-12014.html * https://www.suse.com/security/cve/CVE-2026-12015.html * https://www.suse.com/security/cve/CVE-2026-12016.html * https://www.suse.com/security/cve/CVE-2026-12017.html * https://www.suse.com/security/cve/CVE-2026-12018.html * https://www.suse.com/security/cve/CVE-2026-12019.html * https://www.suse.com/security/cve/CVE-2026-12020.html * https://www.suse.com/security/cve/CVE-2026-12022.html * https://www.suse.com/security/cve/CVE-2026-12023.html *https://www.suse.com/security/cve/CVE-2026-12024.html * https://www.suse.com/security/cve/CVE-2026-12025.html * https://www.suse.com/security/cve/CVE-2026-12026.html * https://www.suse.com/security/cve/CVE-2026-12027.html * https://www.suse.com/security/cve/CVE-2026-12028.html * https://www.suse.com/security/cve/CVE-2026-12029.html * https://www.suse.com/security/cve/CVE-2026-12030.html * https://www.suse.com/security/cve/CVE-2026-12031.html * https://www.suse.com/security/cve/CVE-2026-12032.html * https://www.suse.com/security/cve/CVE-2026-12033.html * https://www.suse.com/security/cve/CVE-2026-12034.html * https://www.suse.com/security/cve/CVE-2026-12035.html . 28 vulnerabilities resolved in openSUSE Tumbleweed update for Chromedriver package. Risk level moderate.. Chromedriver update, openSUSE Tumbleweed, moderate security issues, vulnerability fixes. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 15, 2026 moderate OpenSUSE
202

openSUSE Kernel Important Update 2026-20912-1 Fixes 38 Vulnerabilities

An update that solves 38 vulnerabilities and has 45 bug fixes can now be installed.. openSUSE security update: security update for the linux kernel ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20912-1 Rating: important References: * bsc#1243603 * bsc#1260539 * bsc#1260584 * bsc#1261590 * bsc#1262634 * bsc#1262656 * bsc#1262668 * bsc#1262754 * bsc#1262755 * bsc#1262771 * bsc#1263067 * bsc#1263068 * bsc#1263102 * bsc#1263169 * bsc#1263769 * bsc#1263774 * bsc#1263908 * bsc#1264011 * bsc#1264014 * bsc#1264016 * bsc#1264063 * bsc#1264112 * bsc#1264300 * bsc#1264409 * bsc#1264437 * bsc#1264669 * bsc#1264716 * bsc#1264719 * bsc#1264720 * bsc#1264722 * bsc#1264726 * bsc#1264832 * bsc#1264989 * bsc#1265044 * bsc#1265110 * bsc#1265925 * bsc#1265928 * bsc#1266001 * bsc#1266238 * bsc#1266307 * bsc#1266395 * bsc#1266402 * bsc#1266414 * bsc#1266759 * bsc#1266765 Cross-References: * CVE-2023-20585 * CVE-2026-23359 * CVE-2026-23380 * CVE-2026-23444 * CVE-2026-31464 * CVE-2026-31480 * CVE-2026-31483 * CVE-2026-31493 * CVE-2026-3150 * CVE-2026-31516 * CVE-2026-31521 * CVE-2026-31568 * CVE-2026-31575 * CVE-2026-31613 * CVE-2026-31614 * CVE-2026-31729 * CVE-2026-31736 * CVE-2026-43009 * CVE-2026-43012 * CVE-2026-43013 * CVE-2026-43054 * CVE-2026-43112 * CVE-2026-43234 * CVE-2026-43252 * CVE-2026-43325 * CVE-2026-43328 * CVE-2026-43333 * CVE-2026-43338 * CVE-2026-43341 * CVE-2026-43359 * CVE-2026-43360 * CVE-2026-43361 * CVE-2026-43362 * CVE-2026-43414 * CVE-2026-43499 * CVE-2026-45843 * CVE-2026-46110 * CVE-2026-46243 CVSS scores: * CVE-2023-20585 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2023-20585 ( SUSE ): 5.6CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23359 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23359 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23380 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23380 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23444 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23444 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31464 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2026-31464 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-31480 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31480 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31483 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-31483 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31493 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31493 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31516 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31516 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31521 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31521 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31568 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31568 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31575 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31575 ( SUSE ): 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31613 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31613 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31614 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H * CVE-2026-31614 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31729 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31729 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31736 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31736 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43012 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43112 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43234 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43252 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43325 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43325 ( SUSE ): 6 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43333 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2026-43333 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43338 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43338 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43341 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43359 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-43359 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43360 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43361 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-43361 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43362 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L * CVE-2026-43362 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-43414 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43414 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43499 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43499 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45843 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2026-45843 ( SUSE ): 7 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-46110 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46110 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 38 vulnerabilities and has 45 bug fixes can now be installed. Description: The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: iommu/amd: Use maximum Event log buffer size when SNP is enabled onFamily 0x19 (bsc#1243603). - CVE-2026-3150: bcache: fix cached_dev.sb_bio use-after-free and crash (bsc#1263169). - CVE-2026-23359: bpf: Fix stack-out-of-bounds write in devmap (bsc#1260584). - CVE-2026-23380: tracing: Fix WARN_ON in tracing_buffers_mmap_close (bsc#1260539). - CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (bsc#1266307). - CVE-2026-31464: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (bsc#1262656). - CVE-2026-31480: tracing: Fix potential deadlock in cpu hotplug with osnoise (bsc#1262634). - CVE-2026-31483: s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1261590 bsc#1262771). - CVE-2026-31493: RDMA/efa: Fix use of completion ctx after free (bsc#1262668). - CVE-2026-31516: xfrm: prevent policy_hthresh.work from racing with netns teardown (bsc#1262755). - CVE-2026-31521: module: Fix kernel panic when a symbol st_shndx is out of bounds (bsc#1263102). - CVE-2026-31568: s390/mm: Add missing secure storage access fixups for donated memory (bsc#1263068). - CVE-2026-31575: mm/userfaultfd: fix hugetlb fault mutex hash calculation (bsc#1263067). - CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769). - CVE-2026-31614: smb: client: fix off-by-8 bounds check in check_wsl_eas() (bsc#1263774). - CVE-2026-31729: usb: typec: ucsi: validate connector number in ucsi_notify_common() (bsc#1264112). - CVE-2026-31736: net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled (bsc#1263908). - CVE-2026-43012: net/mlx5: Fix switchdev mode rollback in case of failure (bsc#1264016). - CVE-2026-43013: net/mlx5: lag: Check for LAG device before creating debugfs (bsc#1264011). - CVE-2026-43054: scsi: target: tcm_loop: Drain commands in target_reset handler (bsc#1264063). - CVE-2026-43112: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (bsc#1264437). - CVE-2026-43234: team: avoid NETDEV_CHANGEMTU event when unregistering slave (bsc#1264409). - CVE-2026-43252: mptcp: pm: in-kernel: always set ID asavail when rm endp (bsc#1264300). - CVE-2026-43325: wifi: iwlwifi: mvm: don't send a 6E related command when not supported (bsc#1265110). - CVE-2026-43328: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (bsc#1264832). - CVE-2026-43333: bpf: reject direct access to nullable PTR_TO_BUF pointers (bsc#1264726). - CVE-2026-43338: btrfs: reserve enough transaction items for qgroup ioctls (bsc#1264716). - CVE-2026-43341: net/ipv6: ioam6: prevent schema length wraparound in trace fill (bsc#1265044). - CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow (bsc#1264719). - CVE-2026-43360: btrfs: fix transaction abort on file creation due to name hash collision (bsc#1264720). - CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes (bsc#1264722). - CVE-2026-43362: smb: client: fix in-place encryption corruption in SMB2_write() (bsc#1264989). - CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free (bsc#1264669). - CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001). - CVE-2026-45843: slip: bound decode() reads against the compressed packet length (bsc#1266395). - CVE-2026-46110: net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY() (bsc#1266759). The following non security issues were fixed: - ACPI: x86: cmos_rtc: Clean up address space handler driver (stable-fixes). - ACPI: x86: cmos_rtc: Improve coordination with ACPI TAD driver (git-fixes). - ALSA: asihpi: Fix potential OOB array access at reading cache (stable-fixes). - ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87 (stable-fixes). - ALSA: pcm: Don't setup bogus iov_iter for silencing (git-fixes). - ALSA: pcm: oss: Fix setup list UAF on proc write error (git-fixes). - ALSA: scarlett2: Fix 2i2 Gen 4 direct monitor gain on firmware 2417 (git-fixes). - ALSA: seq: avoid past-the-end iterator in snd_seq_create_port() (git-fixes). - ALSA: seq: Serialize UMP output teardown with event_input(git-fixes). - ALSA: timer: avoid past-the-end iterator in snd_timer_dev_register() (git-fixes). - ALSA: ua101: Reject too-short USB descriptors (git-fixes). - arm64: tlb: Flush walk cache when unsharing PMD tables (git-fixes). - ASoC: codecs: simple-mux: Fix enum control bounds check (git-fixes). - ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove() (git-fixes). - ASoC: Intel: bytcht_es8316: Fix MCLK leak on init errors (git-fixes). - ASoC: qcom: q6asm-dai: close stream only when running (git-fixes). - ASoC: qcom: q6asm-dai: do not set stream state in event and trigger callbacks (git-fixes). - ASoC: qcom: q6asm-dai: fix error handling in prepare and set_params (git-fixes). - ASoC: SOF: ipc3: Use standard dev_dbg API (stable-fixes). - auxdisplay: line-display: fix OOB read on zero-length message_store() (git-fixes). - bcache: fix uninitialized closure object (git-fixes). - Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt() (git-fixes). - Bluetooth: bnep: Fix UAF read of dev-> name (git-fixes). - Bluetooth: btmtk: accept too short WMT FUNC_CTRL events (git-fixes). - Bluetooth: btmtk: fix urb-> setup_packet leak in error paths (git-fixes). - Bluetooth: btusb: Allow firmware re-download when version matches (git-fixes). - Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() (git-fixes). - Bluetooth: hci_sync: fix UAF in hci_le_create_cis_sync (git-fixes). - Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close (git-fixes). - Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (git-fixes). - Bluetooth: HIDP: fix missing length checks in hidp_input_report() (git-fixes). - Bluetooth: ISO: drop ISO_END frames received without prior ISO_START (git-fixes). - Bluetooth: ISO: fix UAF in iso_recv_frame (git-fixes). - Bluetooth: ISO: serialize iso_sock_clear_timer with socket lock (git-fixes). - Bluetooth: l2cap: clear chan-> ident on ECRED reconfiguration success (git-fixes). - Bluetooth: L2CAP: ecred_reconfigure: send packed pdu, notstack pointer (git-fixes). - Bluetooth: L2CAP: fix chan ref leak in l2cap_chan_timeout() on !conn (git-fixes). - Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp (git-fixes). - Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() (git-fixes). - Bluetooth: MGMT: validate Add Extended Advertising Data length (git-fixes). - Bluetooth: serialize accept_q access (git-fixes). - btrfs: do not mark inode incompressible after inline attempt fails (git-fixes). - comedi: comedi_test: fix check for valid scan_begin_src in waveform_ai_cmdtest() (git-fixes). - comedi: comedi_test: Fix limiting of convert_arg in waveform_ai_cmdtest() (git-fixes). - device property: set fwnode-> secondary to NULL in fwnode_init() (git-fixes). - dm: fix a buffer overflow in ioctl processing (git-fixes). - drm/amd/display: Fix integer overflow in bios_get_image() (stable-fixes). - drm/amd/display: Validate GPIO pin LUT table size before iterating (stable-fixes). - drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async (stable-fixes). - drm/amd/pm/si: Disregard vblank time when no displays are connected (git-fixes). - drm/amdgpu/uvd3.1: Don't validate the firmware when already validated (git-fixes). - drm/amdgpu/uvd4.2: Don't initialize UVD 4.2 when DPM is disabled (git-fixes). - drm/amdgpu/vce2: Fix VCE 2 firmware size and offsets (git-fixes). - drm/amdgpu/vce3: Fix VCE 3 firmware size and offsets (git-fixes). - drm/amdgpu/vpe: Force collaborate sync after TRAP (stable-fixes). - drm/amdgpu: add amdgpu_device reference in ip block (stable-fixes). - drm/amdgpu: fix spelling typos (stable-fixes). - drm/amdgpu: update the handle ptr in dump_ip_state (stable-fixes). - drm/amdgpu: update the handle ptr in early_init (stable-fixes). - drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe (git-fixes). - drm/bridge: it66121: acquire reset GPIO in probe (git-fixes). - drm/bridge: megachips: remove bridge when irq request fails (git-fixes). - drm/hyperv: validateresolution_count and fix WIN8 fallback (git-fixes). - drm/hyperv: validate VMBus packet size in receive callback (git-fixes). - drm/i915/dp: Fix readback for target_rr in Adaptive Sync SDP (git-fixes). - drm/i915: Fix potential UAF in TTM object purge (git-fixes). - drm/msm/dsi: don't dump registers past the mapped region (git-fixes). - drm/msm/snapshot: fix dumping of the unaligned regions (git-fixes). - drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check (git-fixes). - drm/virtio: use uninterruptible resv lock for plane updates (git-fixes). - drm/xe/gsc: Fix double-free of managed BO in error path (git-fixes). - drm/xe/oa: Fix exec_queue leak on width check in stream open (git-fixes). - drm/xe/pf: Fix CFI failure in debugfs access (git-fixes). - drm/xe/vf: Fix signature of print functions (git-fixes). - drm/xe: Define CACHE_MODE_1 as MCR register (git-fixes). - efi: Allocate runtime workqueue before ACPI init (git-fixes). - firmware: arm_ffa: Align RxTx buffer size before mapping (git-fixes). - firmware: arm_ffa: Check for NULL FF-A ID table while driver registration (git-fixes). - firmware: arm_ffa: Fix per-vcpu self notifications handling in workqueue (git-fixes). - firmware: arm_ffa: Skip free_pages on RX buffer alloc failure (git-fixes). - gve: Add RSS cache for non RSS device option scenario (bsc#1265925). - gve: add XDP DROP and PASS support for DQ (bsc#1265925). - gve: Enable reading max ring size from the device in DQO-QPL mode (bsc#1265925). - gve: introduce config-based allocation for XDP (bsc#1265925). - gve: merge packet buffer size fields (bsc#1265925). - gve: remove xdp_xsk_done and xdp_xsk_wakeup statistics (bsc#1265925). - gve: update GQ RX to use buf_size (bsc#1265925). - gve: Update QPL page registration logic (bsc#1265925). - gve: update XDP allocation path support RX buffer posting (bsc#1265925). - HID: playstation: Clamp num_touch_reports (git-fixes). - HID: quirks: really enable the intended work around for appledisplay (git-fixes). - HID: uclogic: Fix regression ofinput name assignment (git-fixes). - hwmon: (lenovo-ec-sensors): Convert to devm_request_region() (git-fixes). - hwmon: (lenovo-ec-sensors): Fix EC "MCHP" signature validation logic (git-fixes). - hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer (git-fixes). - hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR (git-fixes). - hwmon: (pmbus/adm1266) don't clobber GPIO bits before PDIO read in get_multiple (git-fixes). - hwmon: (pmbus/adm1266) include adapter number in GPIO line label (git-fixes). - hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer (git-fixes). - hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe() (git-fixes). - hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe() (git-fixes). - hwmon: (pmbus/adm1266) reject implausible blackbox record_count (git-fixes). - hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors (git-fixes). - hwmon: (pmbus/adm1266) seed timestamp from the real-time clock (git-fixes). - hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX (git-fixes). - iio: adc: mt6359: fix unchecked return value in mt6358_read_imp (git-fixes). - iio: adc: npcm: fix unbalanced clk_disable_unprepare() (git-fixes). - iio: adc: viperboard: Fix error handling in vprbrd_iio_read_raw (git-fixes). - iio: adc: xilinx-xadc: Fix sequencer mode in postdisable for dual mux (git-fixes). - iio: buffer: Fix DMA fence leak in iio_buffer_enqueue_dmabuf() (git-fixes). - iio: buffer: hw-consumer: fix use-after-free in error path (git-fixes). - iio: dac: ad5686: acquire lock when doing powerdown control (git-fixes). - iio: dac: ad5686: fix input raw value check (git-fixes). - iio: dac: max5821: fix return value check in powerdown sync (git-fixes). - iio: gyro: adis16260: fix division by zero in write_raw (git-fixes). - iio: gyro: itg3200: fix i2c read into the wrong stack location (git-fixes). - iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer (git-fixes). -iio: light: cm3323: fix reg_conf not being initialized correctly (git-fixes). - iio: magnetometer: st_magn: fix default DRDY pin selection for LIS2MDL (git-fixes). - iio: ssp_sensors: cancel delayed work_refresh on remove (git-fixes). - iio: temperature: tsys01: fix broken PROM checksum validation (git-fixes). - Input: atmel_mxt_ts - fix boundary check in mxt_prepare_cfg_mem (git-fixes). - Input: ims-pcu - fix usb_free_coherent() size in ims_pcu_buffers_free() (git-fixes). - Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (git-fixes). - Input: xpad - fix out-of-bounds access for Share button (git-fixes). - KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE (git-fixes). - KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation (git-fixes). - KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (git-fixes). - KVM: x86: Fix Xen hypercall tracepoint argument assignment (git-fixes). - KVM: x86: Return the VM's configured APIC bus frequency when queried (git-fixes). - media: i2c: og01a1b: Fix V4L2 subdevice data initialization on probe (git-fixes). - media: i2c: og01a1b: Replace client-> dev usage (stable-fixes). - net: mana: Add NULL guards in teardown path to prevent panic on attach failure (git-fixes). - net: mana: Expose hardware diagnostic info via debugfs (bsc#1266414). - net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer (bsc#1265928). - net: mana: hardening: Reject zero max_num_queues from GDMA_QUERY_MAX_RESOURCES (git-fixes). - net: mana: hardening: Reject zero max_num_queues from MANA_QUERY_VPORT_CONFIG (git-fixes). - net: mana: Skip redundant detach on already-detached port (git-fixes). - net: mana: Use kvmalloc for large RX queue and buffer allocations (bsc#1266765). - net: mana: Use per-queue allocation for tx_qp to reduce allocation size (bsc#1266765). - net: mana: validate rx_req_idx to prevent out-of-bounds array access (bsc#1266402). - parport: Fix race between port and client registration (git-fixes). - platform/surface: aggregator_registry:omit battery & AC nodes on Surface Laptop 7 (git-fixes). - platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL (git-fixes). - platform/x86: hp_accel: Check ACPI_COMPANION() against NULL (git-fixes). - platform/x86: intel-hid: Check ACPI_HANDLE() against NULL (git-fixes). - platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL (git-fixes). - RDMA/efa: Check stored completion CTX command ID with received one (git-fixes). - RDMA/efa: Extend admin timeout error print (git-fixes). - RDMA/efa: Fix possible deadlock (git-fixes). - RDMA/efa: Improve admin completion context state machine (git-fixes). - RDMA/mana_ib: Report max_msg_sz in mana_ib_query_port (git-fixes). - Revert "ACPI: CPPC: Adjust debug messages in amd_set_max_freq_ratio() to warn" (git-fixes). - s390/pfault: Fix virtual vs physical address confusion (bsc#1262754). - scsi: devinfo: Add BLIST_SKIP_IO_HINTS for Iomega ZIP (git-fixes). - scsi: mpi3mr: Clear reset history on ready and recheck state after timeout (git-fixes). - scsi: ses: Handle positive SCSI error from ses_recv_diag() (git-fixes). - scsi: ufs: core: Fix shift out of bounds when MAXQ=32 (git-fixes). - security/keys: fix missed RCU read section on lookup (stable-fixes). - serial: fsl_lpuart: fix rx buffer and DMA map leaks in start_rx_dma (git-fixes). - serial: qcom-geni: fix UART_RX_PAR_EN bit position (git-fixes). - serial: qcom_geni: fix kfifo underflow when flush precedes DMA completion IRQ (git-fixes). - smb: client: reject userspace cifs.spnego descriptions (bsc#1266238). - spi: ep93xx: fix error pointer deref after DMA setup failure (git-fixes). - spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache() (git-fixes). - spi: qup: fix error pointer deref after DMA setup failure (git-fixes). - spi: sprd: fix error pointer deref after DMA setup failure (git-fixes). - spi: ti-qspi: fix use-after-free after DMA setup failure (git-fixes). - thunderbolt: property: Reject dir_len < 4 to prevent size_t underflow (git-fixes). - thunderbolt: property: Reject u32 wrap intb_property_entry_valid() (git-fixes). - tracing: Switch trace_osnoise.c code over to use guard() and __free() (bsc#1262634). - tty: serial: pch_uart: add check for dma_alloc_coherent() (git-fixes). - tty: serial: samsung: Remove redundant port lock acquisition in rx helpers (git-fixes). - USB: cdc-acm: Fix bit overlap and move quirk definitions to header (git-fixes). - usb: cdns3: gadget: fix request skipping after clearing halt (git-fixes). - usb: cdns3: plat: fix leaked usb2_phy initialization on usb3_phy acquisition failure (git-fixes). - usb: chipidea: core: convert ci_role_switch to local variable (git-fixes). - usb: dwc2: Fix use after free in debug code (git-fixes). - usb: gadget: composite: fix integer underflow in WebUSB GET_URL handling (git-fixes). - usb: gadget: dummy_hcd: Reject hub port requests for non-existent ports (git-fixes). - usb: gadget: f_fs: copy only received bytes on short ep0 read (git-fixes). - usb: gadget: f_fs: serialize DMABUF cancel against request completion (git-fixes). - usb: gadget: f_hid: fix device reference leak in hidg_alloc() (git-fixes). - usb: gadget: net2280: Fix double free in probe error path (git-fixes). - usb: gadget: uvc: hold opts-> lock across XU walks in uvc_function_bind (git-fixes). - USB: serial: belkin_sa: validate interrupt status length (git-fixes). - USB: serial: cypress_m8: validate interrupt packet headers (git-fixes). - USB: serial: keyspan: fix missing indat transfer sanity check (git-fixes). - USB: serial: mct_u232: fix missing interrupt-in transfer sanity check (git-fixes). - USB: serial: mxuport: fix memory corruption with small endpoint (git-fixes). - USB: serial: omninet: fix memory corruption with small endpoint (git-fixes). - USB: serial: option: add missing RSVD(5) flag for Rolling RW135R-GL (git-fixes). - USB: serial: safe_serial: fix memory corruption with small endpoint (git-fixes). - usb: typec: tcpm: improve handling of DISCOVER_MODES failures (git-fixes). - usb: typec: ucsi: Don't update power_supply on power role change if notconnected (git-fixes). - usb: usbtmc: check URB actual_length for interrupt-IN notifications (git-fixes). - usb: usbtmc: reject interrupt endpoints with small wMaxPacketSize (git-fixes). - usbip: vudc: Fix use after free bug in vudc_remove due to race condition (git-fixes). - virt: sev-guest: Explicitly leak pages in unknown state (git-fixes). - wifi: ath10k: skip WMI and beacon transmission when device is wedged (git-fixes). - wifi: ath11k: clear shared SRNG pointer state on restart (git-fixes). - wifi: ath11k: fix error path leak in ath11k_tm_cmd_wmi_ftm() (git-fixes). - wifi: ath11k: fix error path leaks in some WMI calls (git-fixes). - wifi: ath11k: fix error path leaks in some WMI WOW calls (git-fixes). - wifi: ath11k: fix peer resolution on rx path when peer_id=0 (git-fixes). - wifi: ath11k: fix use after free in ath11k_dp_rx_msdu_coalesce() (git-fixes). - wifi: cfg80211: advance loop vars in cfg80211_merge_profile() (git-fixes). - wifi: mac80211: consume only present negotiated TTLM maps (git-fixes). - wifi: mac80211: fix MLE defragmentation (git-fixes). - wifi: mac80211: fix multi-link element inheritance (git-fixes). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-897=1 Package List: - openSUSE Leap 16.0: cluster-md-kmp-64kb-6.12.0-160000.34.1 cluster-md-kmp-azure-6.12.0-160000.34.1 cluster-md-kmp-default-6.12.0-160000.34.1 cluster-md-kmp-rt-6.12.0-160000.34.1 dlm-kmp-64kb-6.12.0-160000.34.1 dlm-kmp-azure-6.12.0-160000.34.1 dlm-kmp-default-6.12.0-160000.34.1 dlm-kmp-rt-6.12.0-160000.34.1 dtb-allwinner-6.12.0-160000.34.1 dtb-altera-6.12.0-160000.34.1 dtb-amazon-6.12.0-160000.34.1 dtb-amd-6.12.0-160000.34.1 dtb-amlogic-6.12.0-160000.34.1 dtb-apm-6.12.0-160000.34.1 dtb-apple-6.12.0-160000.34.1 dtb-arm-6.12.0-160000.34.1 dtb-broadcom-6.12.0-160000.34.1 dtb-cavium-6.12.0-160000.34.1 dtb-exynos-6.12.0-160000.34.1 dtb-freescale-6.12.0-160000.34.1 dtb-hisilicon-6.12.0-160000.34.1 dtb-lg-6.12.0-160000.34.1 dtb-marvell-6.12.0-160000.34.1 dtb-mediatek-6.12.0-160000.34.1 dtb-nvidia-6.12.0-160000.34.1 dtb-qcom-6.12.0-160000.34.1 dtb-renesas-6.12.0-160000.34.1 dtb-rockchip-6.12.0-160000.34.1 dtb-socionext-6.12.0-160000.34.1 dtb-sprd-6.12.0-160000.34.1 dtb-xilinx-6.12.0-160000.34.1 gfs2-kmp-64kb-6.12.0-160000.34.1 gfs2-kmp-azure-6.12.0-160000.34.1 gfs2-kmp-default-6.12.0-160000.34.1 gfs2-kmp-rt-6.12.0-160000.34.1 kernel-64kb-6.12.0-160000.34.1 kernel-64kb-devel-6.12.0-160000.34.1 kernel-64kb-extra-6.12.0-160000.34.1 kernel-64kb-optional-6.12.0-160000.34.1 kernel-azure-6.12.0-160000.34.1 kernel-azure-devel-6.12.0-160000.34.1 kernel-azure-extra-6.12.0-160000.34.1 kernel-azure-optional-6.12.0-160000.34.1 kernel-azure-vdso-6.12.0-160000.34.1 kernel-default-6.12.0-160000.34.1 kernel-default-base-6.12.0-160000.34.1.160000.2.15 kernel-default-devel-6.12.0-160000.34.1 kernel-default-extra-6.12.0-160000.34.1 kernel-default-optional-6.12.0-160000.34.1 kernel-default-vdso-6.12.0-160000.34.1 kernel-devel-6.12.0-160000.34.1 kernel-docs-6.12.0-160000.34.1 kernel-docs-html-6.12.0-160000.34.1 kernel-kvmsmall-6.12.0-160000.34.1 kernel-kvmsmall-devel-6.12.0-160000.34.1 kernel-kvmsmall-vdso-6.12.0-160000.34.1 kernel-macros-6.12.0-160000.34.1 kernel-obs-build-6.12.0-160000.34.1 kernel-obs-qa-6.12.0-160000.34.1 kernel-rt-6.12.0-160000.34.1 kernel-rt-devel-6.12.0-160000.34.1 kernel-rt-extra-6.12.0-160000.34.1 kernel-rt-optional-6.12.0-160000.34.1 kernel-rt-vdso-6.12.0-160000.34.1 kernel-source-6.12.0-160000.34.1 kernel-source-vanilla-6.12.0-160000.34.1 kernel-syms-6.12.0-160000.34.1 kernel-zfcpdump-6.12.0-160000.34.1 kselftests-kmp-64kb-6.12.0-160000.34.1 kselftests-kmp-azure-6.12.0-160000.34.1 kselftests-kmp-default-6.12.0-160000.34.1 kselftests-kmp-rt-6.12.0-160000.34.1 ocfs2-kmp-64kb-6.12.0-160000.34.1 ocfs2-kmp-azure-6.12.0-160000.34.1 ocfs2-kmp-default-6.12.0-160000.34.1 ocfs2-kmp-rt-6.12.0-160000.34.1 References: * https://www.suse.com/security/cve/CVE-2023-20585.html * https://www.suse.com/security/cve/CVE-2026-23359.html * https://www.suse.com/security/cve/CVE-2026-23380.html * https://www.suse.com/security/cve/CVE-2026-23444.html * https://www.suse.com/security/cve/CVE-2026-31464.html * https://www.suse.com/security/cve/CVE-2026-31480.html * https://www.suse.com/security/cve/CVE-2026-31483.html * https://www.suse.com/security/cve/CVE-2026-31493.html * https://www.suse.com/security/cve/CVE-2026-3150.html * https://www.suse.com/security/cve/CVE-2026-31516.html * https://www.suse.com/security/cve/CVE-2026-31521.html * https://www.suse.com/security/cve/CVE-2026-31568.html * https://www.suse.com/security/cve/CVE-2026-31575.html * https://www.suse.com/security/cve/CVE-2026-31613.html * https://www.suse.com/security/cve/CVE-2026-31614.html * https://www.suse.com/security/cve/CVE-2026-31729.html * https://www.suse.com/security/cve/CVE-2026-31736.html * https://www.suse.com/security/cve/CVE-2026-43009.html * https://www.suse.com/security/cve/CVE-2026-43012.html * https://www.suse.com/security/cve/CVE-2026-43013.html * https://www.suse.com/security/cve/CVE-2026-43054.html * https://www.suse.com/security/cve/CVE-2026-43112.html * https://www.suse.com/security/cve/CVE-2026-43234.html * https://www.suse.com/security/cve/CVE-2026-43252.html * https://www.suse.com/security/cve/CVE-2026-43325.html * https://www.suse.com/security/cve/CVE-2026-43328.html * https://www.suse.com/security/cve/CVE-2026-43333.html * https://www.suse.com/security/cve/CVE-2026-43338.html * https://www.suse.com/security/cve/CVE-2026-43341.html * https://www.suse.com/security/cve/CVE-2026-43359.html * https://www.suse.com/security/cve/CVE-2026-43360.html *https://www.suse.com/security/cve/CVE-2026-43361.html * https://www.suse.com/security/cve/CVE-2026-43362.html * https://www.suse.com/security/cve/CVE-2026-43414.html * https://www.suse.com/security/cve/CVE-2026-43499.html * https://www.suse.com/security/cve/CVE-2026-45843.html * https://www.suse.com/security/cve/CVE-2026-46110.html * https://www.suse.com/security/cve/CVE-2026-46243.html . openSUSE security update fixes 38 issues in kernel, ranging from important threats to various bug fixes. Immediate action recommended.. openSUSE security update, kernel bugs, openSUSE vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important OpenSUSE
172

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Several security issues were fixed in MySQL.. ========================================================================== Ubuntu Security Notice USN-8363-2 June 03, 2026 mysql-8.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in MySQL. Software Description: - mysql-8.0: MySQL database Details: USN-8363-1 fixed several vulnerabilities in MySQL. This update provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.46 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. Ubuntu 25.10 and Ubuntu 26.04 LTS have been updated to MySQL 8.4.9. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html https://www.oracle.com/security-alerts/cpuapr2026.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS mysql-server-8.0 8.0.46-0ubuntu0.20.04.1+esm2 Available with Ubuntu Pro This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8363-2 https://ubuntu.com/security/notices/USN-8363-1 CVE-2026-21998, CVE-2026-22001, CVE-2026-22002, CVE-2026-22004, CVE-2026-22005, CVE-2026-22009, CVE-2026-22015, CVE-2026-22017, CVE-2026-34267, CVE-2026-34270, CVE-2026-34271, CVE-2026-34276, CVE-2026-34278, CVE-2026-34293, CVE-2026-34303,CVE-2026-34304, CVE-2026-34308, CVE-2026-34317, CVE-2026-34318, CVE-2026-34319, CVE-2026-35236, CVE-2026-35237, CVE-2026-35238, CVE-2026-35239, CVE-2026-35240 . Critical updates for MySQL address multiple security issues in Ubuntu 20.04 LTS, enhancing database security.. MySQL security updates, Ubuntu 20.04 LTS, database vulnerabilities, MySQL fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Important Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200