Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 23 articles for you...
100
security advisorySuSEimportantSUSE Linux 12 SP5 Kernel Important Security Patch 2026-1305-1
An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1305-1 Release Date: 2026-04-13T18:34:02Z Rating: important References: * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE LinuxEnterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.290 fixes various security issues The following security issues were fixed: * CVE-2023-53794: cifs: fix session state check in reconnect to avoid use- after-free issue (bsc#1255235). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1305=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_290-default-4-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 . SUSE Linux Enterprise update resolves five important issues in the kernel with potential security risks.. SUSE Kernel Update, Security Patching, Linux Enterprise, Session State Fix. .Severity: Important. LinuxSecurity.com Team
Apr 14, 2026
•Important
SuSE
100
security advisorybuffer overflowimportantopenSUSE 15.5 openssl-1_1 Important Issues Buffer Overflow 2026-1290-1
An update that solves four vulnerabilities can now be installed.. # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1290-1 Release Date: 2026-04-13T08:08:55Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1290=1 * SUSE Linux Enterprise Micro 5.5 zypper in-t patch SUSE-SLE-Micro-5.5-2026-1290=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1290=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1290=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1290=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1290=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-64bit-1.1.1l-150500.17.51.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) *libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 *libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 . An update for openssl-1_1 addresses four important issues, enhancing security in openSUSE systems.. openssl-1_1 update security issues SUSE important. . Severity: Important. LinuxSecurity.com Team
Apr 13, 2026
•Important
SuSE
99
security advisorydenial of serviceimportantUbuntu 22.04 libxml2 High NULL Pointer Dereference CVE-2023-4567
New expat packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] expat (SSA:2026-077-01) New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/expat-2.7.5-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Fix NULL function pointer dereference for empty external parameter entities; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. Fix NULL dereference in function setContext on retry after an earlier ouf-of-memory condition; it takes use of function XML_ParserCreateNS or XML_ParserCreate_MM for an application to be vulnerable. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-32776 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://www.cve.org/CVERecord?id=CVE-2026-32778 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.7.5-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.7.5-x86_64-1_slack15.0.txz Updated package for Slackware-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.7.5-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.7.5-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: c86d353f2bec19c75d90d0c4736eaaf2 expat-2.7.5-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 3acb8cf368cc4fa7c989d84831b8f238 expat-2.7.5-x86_64-1_slack15.0.txz Slackware -current package: 6635c49608492641a1965bac5f83d4cc l/expat-2.7.5-i686-1.txz Slackware x86_64 -current package: e6297cf40af8a1d895af22d10712be8b l/expat-2.7.5-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg expat-2.7.5-i586-1_slack15.0.txz +-----+ . New expat packages for Slackware 15.0 fix critical security issues to protect against potential exploits.. Slackware expat security patch, Linux expat update, Linux package vulnerability. . Severity: Important. LinuxSecurity.com Team
Mar 18, 2026
•Important
Slackware
202
security advisorymoderateinteger overflowopenSUSE 2026 expat Moderate Integer Overflow Null Dereference 2026-0826-1
An update that solves two vulnerabilities can now be installed.. # Security update for expat Announcement ID: SUSE-SU-2026:0826-1 Release Date: 2026-03-05T15:16:41Z Rating: moderate References: * bsc#1257144 * bsc#1257496 Cross-References: * CVE-2026-24515 * CVE-2026-25210 CVSS scores: * CVE-2026-24515 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-24515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-24515 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24515 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25210 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-25210 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-25210 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) * CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-826=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-826=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-826=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-826=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-826=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-826=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-826=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat-devel-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 * expat-2.7.1-150400.3.34.1 * openSUSE Leap 15.4 (x86_64) * libexpat-devel-32bit-2.7.1-150400.3.34.1 * expat-32bit-debuginfo-2.7.1-150400.3.34.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.34.1 * libexpat1-32bit-2.7.1-150400.3.34.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libexpat-devel-64bit-2.7.1-150400.3.34.1 * libexpat1-64bit-2.7.1-150400.3.34.1 * expat-64bit-debuginfo-2.7.1-150400.3.34.1 * libexpat1-64bit-debuginfo-2.7.1-150400.3.34.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat-devel-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 * expat-2.7.1-150400.3.34.1 * openSUSE Leap 15.6 (x86_64) * libexpat-devel-32bit-2.7.1-150400.3.34.1 * expat-32bit-debuginfo-2.7.1-150400.3.34.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.34.1 * libexpat1-32bit-2.7.1-150400.3.34.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 * SUSELinux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libexpat1-debuginfo-2.7.1-150400.3.34.1 * expat-debugsource-2.7.1-150400.3.34.1 * expat-debuginfo-2.7.1-150400.3.34.1 * libexpat1-2.7.1-150400.3.34.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24515.html * https://www.suse.com/security/cve/CVE-2026-25210.html * https://bugzilla.suse.com/show_bug.cgi?id=1257144 * https://bugzilla.suse.com/show_bug.cgi?id=1257496 . A security advisory for openSUSE addressing two moderate vulnerabilities affecting expat and their patch instructions.. openSUSE security advisory, expat vulnerabilities, SUSE updates. . LinuxSecurity.com Team
Mar 05, 2026
OpenSUSE
100
security advisorybuffer overflowSuSESUSE Linux Micro 6.1 Expat Buffer Overflow NULL Deref Issue 2026-20481-1
An update that solves two vulnerabilities can now be installed.. # Security update for expat Announcement ID: SUSE-SU-2026:20481-1 Release Date: 2026-02-17T09:33:51Z Rating: important References: * bsc#1257144 * bsc#1257496 Cross-References: * CVE-2026-24515 * CVE-2026-25210 CVSS scores: * CVE-2026-24515 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-24515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-24515 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24515 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25210 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-25210 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-25210 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). * CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-410=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-slfo.1.1_4.1 * libexpat1-2.7.1-slfo.1.1_4.1 * libexpat1-debuginfo-2.7.1-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24515.html * https://www.suse.com/security/cve/CVE-2026-25210.html * https://bugzilla.suse.com/show_bug.cgi?id=1257144 *https://bugzilla.suse.com/show_bug.cgi?id=1257496 . Update for expat fixes critical issues related to NULL dereference and buffer overflow. Immediate attention recommended.. SUSE expat important security update buffer overflow NULL dereference integer overflow. . Severity: Important. LinuxSecurity.com Team
Feb 27, 2026
•Important
SuSE
100
security advisorySuSEimportantSUSE expat Moderate Update Integer Overflow Null Dereference 2026-0646-1
An update that solves two vulnerabilities can now be installed.. # Security update for expat Announcement ID: SUSE-SU-2026:0646-1 Release Date: 2026-02-25T16:29:25Z Rating: moderate References: * bsc#1257144 * bsc#1257496 Cross-References: * CVE-2026-24515 * CVE-2026-25210 CVSS scores: * CVE-2026-24515 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-24515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-24515 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24515 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25210 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-25210 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-25210 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) * CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-646=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * expat-debuginfo-2.7.1-150700.3.9.2 * libexpat-devel-2.7.1-150700.3.9.2 * libexpat1-2.7.1-150700.3.9.2 * expat-debugsource-2.7.1-150700.3.9.2 * expat-2.7.1-150700.3.9.2 *libexpat1-debuginfo-2.7.1-150700.3.9.2 * Basesystem Module 15-SP7 (x86_64) * libexpat1-32bit-debuginfo-2.7.1-150700.3.9.2 * libexpat1-32bit-2.7.1-150700.3.9.2 * expat-32bit-debuginfo-2.7.1-150700.3.9.2 ## References: * https://www.suse.com/security/cve/CVE-2026-24515.html * https://www.suse.com/security/cve/CVE-2026-25210.html * https://bugzilla.suse.com/show_bug.cgi?id=1257144 * https://bugzilla.suse.com/show_bug.cgi?id=1257496 . Update available for expat addressing key vulnerabilities in SUSE systems. Install recommended patches to ensure security.. SUSE expat security update integer overflow null dereference. . Severity: Important. LinuxSecurity.com Team
Feb 26, 2026
•Important
SuSE
100
security advisorymoderateSuSESUSE Linux Enterprise 12 SP5 Expat Integer Overflow Issue CVE-2026-0647-1
An update that solves two vulnerabilities can now be installed.. # Security update for expat Announcement ID: SUSE-SU-2026:0647-1 Release Date: 2026-02-25T16:30:09Z Rating: moderate References: * bsc#1257144 * bsc#1257496 Cross-References: * CVE-2026-24515 * CVE-2026-25210 CVSS scores: * CVE-2026-24515 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-24515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-24515 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24515 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25210 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-25210 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-25210 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) * CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-647=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libexpat1-32bit-2.7.1-21.49.1 * libexpat1-debuginfo-2.7.1-21.49.1 * expat-2.7.1-21.49.1 * libexpat-devel-2.7.1-21.49.1 * expat-debuginfo-2.7.1-21.49.1 *libexpat1-2.7.1-21.49.1 * expat-debugsource-2.7.1-21.49.1 * libexpat1-debuginfo-32bit-2.7.1-21.49.1 * expat-debuginfo-32bit-2.7.1-21.49.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24515.html * https://www.suse.com/security/cve/CVE-2026-25210.html * https://bugzilla.suse.com/show_bug.cgi?id=1257144 * https://bugzilla.suse.com/show_bug.cgi?id=1257496 . Latest security update for SUSE addressing two vulnerabilities in expat related to integer overflow and null dereference issues.. SUSE Linux Security Moderate Expat Update Integer Overflow Null Dereference. . LinuxSecurity.com Team
Feb 26, 2026
SuSE
89
security advisoryfedoraimportantFedora 42 p11-kit Important NULL Dereference Threat CVE-2026-2100
Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7982f70f74 2026-02-16 01:30:23.666216+00:00 -------------------------------------------------------------------------------- Name : p11-kit Product : Fedora 42 Version : 0.26.2 Release : 1.fc42 URL : https://p11-glue.github.io/p11-glue/p11-kit.html Summary : Library for loading and sharing PKCS#11 modules Description : p11-kit provides a way to load and enumerate PKCS#11 modules, as well as a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable. -------------------------------------------------------------------------------- Update Information: Notable changes from the rebase: * pkcs11: Update PKCS11 headers to version 3.2 * rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) * trust: Lookup DNs in reverse order (RFC4514 section 2.1) -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Packit - 0.26.2-1 - Update to 0.26.2 upstream release - Resolves: rhbz#2394340 * Tue Feb 10 2026 Zoltan Fridrich - 0.25.8-3 - Migrate STI tests to TMT * Tue Feb 10 2026 Zoltan Fridrich - 0.25.8-2 - Fix test trust-anchor-complains-about-invalid-attribute-and -------------------------------------------------------------------------------- References: [ 1 ] Bug #2383011 - p11-kit: STI tests will no longer be run in F43 https://bugzilla.redhat.com/show_bug.cgi?id=2383011 [ 2 ] Bug #2394340 - p11-kit-0.26.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2394340 [ 3 ] Bug #2437309 - CVE-2026-2100 p11-kit: p11-kit: NULL dereference viaC_DeriveKey with specific NULL parameters [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437309 [ 4 ] Bug #2437310 - CVE-2026-2100 p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437310 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7982f70f74' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 16, 2026
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!