Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 64 articles for you...
217

Oracle Linux 9 ELSA-2026-19373 DNSMasq Important Overflow DoS

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19373 http://linux.oracle.com/errata/ELSA-2026-19373.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: dnsmasq-2.85-18.el9_8.1.x86_64.rpm dnsmasq-utils-2.85-18.el9_8.1.x86_64.rpm aarch64: dnsmasq-2.85-18.el9_8.1.aarch64.rpm dnsmasq-utils-2.85-18.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/dnsmasq-2.85-18.el9_8.1.src.rpm Related CVEs: CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-4893 Description of changes: [2.85-18.1] - Prevent overflow in extract_name function (CVE-2026-2291) - Prevent DoS in DNSSEC validation (CVE-2026-4890) - Prevent out-of-bounds read in DNSSEC validation (CVE-2026-4891) - Prevent out-of-bounds write in DHCPv6 server (CVE-2026-4892) - Prevent source check avoidance by RFC 7871 client-subnet (CVE-2026-4893) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 has released an advisory for dnsmasq addressing important issues including DoS and overflow risks.. Oracle Linux,dnsmasq,security advisory,update,DoS. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 24, 2026 Important Oracle
89

Fedora 43 Chromium Critical Heap Buffer Overflow Advisory 2026-d3c82235d4

Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d3c82235d4 2026-04-22 07:48:13.355012+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 147.0.7727.101 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender Critical CVE-2026-6358: Use after free in XR High CVE-2026-6359: Use after free in Video High CVE-2026-6300: Use after free in CSS High CVE-2026-6301: Type Confusion in Turbofan High CVE-2026-6302: Use after free in Video High CVE-2026-6303: Use after free in Codecs High CVE-2026-6304: Use after free in Graphite High CVE-2026-6305: Heap buffer overflow in PDFium High CVE-2026-6306: Heap buffer overflow in PDFium High CVE-2026-6307: Type Confusion in Turbofan High CVE-2026-6308: Out of bounds read in Media High CVE-2026-6309: Use after free in Viz High CVE-2026-6360: Use after free in FileSystem High CVE-2026-6310: Use after free in Dawn High CVE-2026-6311: Uninitialized Use in Accessibility High CVE-2026-6312: Insufficient policy enforcement in Passwords High CVE-2026-6313: Insufficient policy enforcement in CORS High CVE-2026-6314: Out of bounds write in GPU HighCVE-2026-6315: Use after free in Permissions High CVE-2026-6316: Use after free in Forms High CVE-2026-6361: Heap buffer overflow in PDFium High CVE-2026-6362: Use after free in Codecs High CVE-2026-6317: Use after free in Cast Medium CVE-2026-6363: Type Confusion in V8 Medium CVE-2026-6318: Use after free in Codecs Medium CVE-2026-6319: Use after free in Payments Medium CVE-2026-6364: Out of bounds read in Skia -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2026 Than Ngo - 147.0.7727.101-1 - Update to 147.0.7727.101 * Critical CVE-2026-6296: Heap buffer overflow in ANGLE * Critical CVE-2026-6297: Use after free in Proxy * Critical CVE-2026-6298: Heap buffer overflow in Skia * Critical CVE-2026-6299: Use after free in Prerender * Critical CVE-2026-6358: Use after free in XR * High CVE-2026-6359: Use after free in Video * High CVE-2026-6300: Use after free in CSS * High CVE-2026-6301: Type Confusion in Turbofan * High CVE-2026-6302: Use after free in Video * High CVE-2026-6303: Use after free in Codecs * High CVE-2026-6304: Use after free in Graphite * High CVE-2026-6305: Heap buffer overflow in PDFium * High CVE-2026-6306: Heap buffer overflow in PDFium * High CVE-2026-6307: Type Confusion in Turbofan * High CVE-2026-6308: Out of bounds read in Media * High CVE-2026-6309: Use after free in Viz * High CVE-2026-6360: Use after free in FileSystem * High CVE-2026-6310: Use after free in Dawn * High CVE-2026-6311: Uninitialized Use in Accessibility * High CVE-2026-6312: Insufficient policy enforcement in Passwords * High CVE-2026-6313: Insufficient policy enforcement in CORS * High CVE-2026-6314: Out of bounds write in GPU * High CVE-2026-6315: Use after free in Permissions * High CVE-2026-6316: Use after free in Forms * High CVE-2026-6361: Heap buffer overflow in PDFium * High CVE-2026-6362: Use after free in Codecs * High CVE-2026-6317: Use after free in Cast * Medium CVE-2026-6363: Type Confusion in V8 * Medium CVE-2026-6318: Use after free in Codecs * Medium CVE-2026-6319: Use after free in Payments * Medium CVE-2026-6364: Out of bounds read in Skia * Thu Apr 9 2026 Than Ngo - 147.0.7727.55-1 - Update to 147.0.7727.55 * Critical CVE-2026-5858: Heap buffer overflow in WebML * Critical CVE-2026-5859: Integer overflow in WebML * High CVE-2026-5860: Use after free in WebRTC * High CVE-2026-5861: Use after free in V8 * High CVE-2026-5862: Inappropriate implementation in V8 * High CVE-2026-5863: Inappropriate implementation in V8 * High CVE-2026-5864: Heap buffer overflow in WebAudio * High CVE-2026-5865: Type Confusion in V8 * High CVE-2026-5866: Use after free in Media * High CVE-2026-5867: Heap buffer overflow in WebML * High CVE-2026-5868: Heap buffer overflow in ANGLE * High CVE-2026-5869: Heap buffer overflow in WebML * High CVE-2026-5870: Integer overflow in Skia * High CVE-2026-5871: Type Confusion in V8 * High CVE-2026-5872: Use after free in Blink * High CVE-2026-5873: Out of bounds read and write in V8 * Medium CVE-2026-5874: Use after free in PrivateAI * Medium CVE-2026-5875: Policy bypass in Blink * Medium CVE-2026-5876: Side-channel information leakage in Navigation * Medium CVE-2026-5877: Use after free in Navigation * Medium CVE-2026-5878: Incorrect security UI in Blink * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE * Medium CVE-2026-5880: Incorrect security UI in browser UI * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess * Medium CVE-2026-5882: Incorrect security UI in Fullscreen * Medium CVE-2026-5883: Use after free in Media * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media * Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML * Medium CVE-2026-5886: Out of bounds read in WebAudio * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads * Medium CVE-2026-5888: Uninitialized Use in WebCodecs * Medium CVE-2026-5889: Cryptographic Flaw in PDFium * Medium CVE-2026-5890: Race in WebCodecs * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs * Medium CVE-2026-5893: Race in V8 * Low CVE-2026-5894: Inappropriate implementation in PDF * Low CVE-2026-5895: Incorrect security UI in Omnibox * Low CVE-2026-5896: Policy bypass in Audio * Low CVE-2026-5897: Incorrect security UI in Downloads * Low CVE-2026-5898: Incorrect security UI in Omnibox * Low CVE-2026-5899: Incorrect security UI in History Navigation * Low CVE-2026-5900: Policy bypass in Downloads * Low CVE-2026-5901: Policy bypass in DevTools * Low CVE-2026-5902: Race in Media * Low CVE-2026-5903: Policy bypass in IFrameSandbox * Low CVE-2026-5904: Use after free in V8 * Low CVE-2026-5905: Incorrect security UI in Permissions * Low CVE-2026-5906: Incorrect security UI in Omnibox * Low CVE-2026-5907: Insufficient data validation in Media * Low CVE-2026-5908: Integer overflow in Media * Low CVE-2026-5909: Integer overflow in Media * Low CVE-2026-5910: Integer overflow in Media * Low CVE-2026-5911: Policy bypass in ServiceWorkers * Low CVE-2026-5912: Integer overflow in WebRTC * Low CVE-2026-5913: Out of bounds read in Blink * Low CVE-2026-5914: Type Confusion in CSS * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML * Low CVE-2026-5918: Inappropriate implementation in Navigation * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458847 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458847 [ 2 ] Bug #2458848 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458848 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d3c82235d4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates for Chromium fix multiple buffer overflows and use-after-free issues. Upgrade for secure browsing. . Chromium Security Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 22, 2026 Critical Fedora
100

SUSE Linux Micro 6.0 libsoup Critical Out-of-Bounds Overflow Updates

An update that solves two vulnerabilities can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:20245-1 Release Date: 2026-01-16T12:54:17Z Rating: important References: * bsc#1256399 * bsc#1256418 Cross-References: * CVE-2026-0716 * CVE-2026-0719 CVSS scores: * CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0719 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libsoup fixes the following issues: * CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418). * CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-563=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 ppc64le s390x x86_64) * libsoup-3_0-0-debuginfo-3.4.2-11.1 * libsoup-debugsource-3.4.2-11.1 * libsoup-3_0-0-3.4.2-11.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0716.html * https://www.suse.com/security/cve/CVE-2026-0719.html * https://bugzilla.suse.com/show_bug.cgi?id=1256399 * https://bugzilla.suse.com/show_bug.cgi?id=1256418 . SUSE important security update fixes two vulnerabilities for libsoup addressing critical issues. Stay updated and secure your systems.. SUSE Linux, libsoup vulnerabilities,important security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 13, 2026 Important SuSE
100

SUSE xrdp Important Security DoS Overflow Issue 2026-0477-1 CVE-2025-68670

An update that solves one vulnerability can now be installed.. # Security update for xrdp Announcement ID: SUSE-SU-2026:0477-1 Release Date: 2026-02-12T11:45:23Z Rating: important References: * bsc#1257362 Cross-References: * CVE-2025-68670 CVSS scores: * CVE-2025-68670 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-68670 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-68670 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-68670 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xrdp fixes the following issues: * CVE-2025-68670: Fix a potential overflow when processing user domain information. (bsc#1257362) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-477=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-477=1 * SUSELinux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-477=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-477=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-477=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-477=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 *xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68670.html * https://bugzilla.suse.com/show_bug.cgi?id=1257362 . Important security update for xrdp in SUSE addresses overflow issue with CVE-2025-68670. Install patches timely.. SUSE xrdp security update overflow CVE-2025-68670. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 12, 2026 Important SuSE
100

SUSE xrdp Important Security Overflow Threat CVE-2025-68670

An update that solves one vulnerability can now be installed.. # Security update for xrdp Announcement ID: SUSE-SU-2026:0404-1 Release Date: 2026-02-06T16:58:47Z Rating: important References: * bsc#1257362 Cross-References: * CVE-2025-68670 CVSS scores: * CVE-2025-68670 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-68670 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-68670 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-68670 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xrdp fixes the following issues: * CVE-2025-68670: Fix a potential overflow when processing user domain information. (bsc#1257362) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-404=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-404=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xrdp-0.9.10-3.22.1 * xrdp-debugsource-0.9.10-3.22.1 * xrdp-debuginfo-0.9.10-3.22.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * xrdp-0.9.10-3.22.1 * xrdp-debugsource-0.9.10-3.22.1 * xrdp-debuginfo-0.9.10-3.22.1 ## References: *https://www.suse.com/security/cve/CVE-2025-68670.html * https://bugzilla.suse.com/show_bug.cgi?id=1257362 . SUSE Security Advisory for xrdp Important Update Fixes Overflow Issue CVE-2025-68670.. xrdp update SUSE important security remote access. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 09, 2026 Important SuSE
100

Critical Denial of Service Flaw in SUSE 15 SP6 libsoup2 2026-0253-1

An update that solves two vulnerabilities can now be installed.. # Security update for libsoup2 Announcement ID: SUSE-SU-2026:0253-1 Release Date: 2026-01-22T16:08:15Z Rating: important References: * bsc#1254876 * bsc#1256399 Cross-References: * CVE-2025-14523 * CVE-2026-0719 CVSS scores: * CVE-2025-14523 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14523 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2025-14523 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0719 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for libsoup2 fixes the following issues: * CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). * CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-253=1 openSUSE-SLE-15.6-2026-253=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-253=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patchSUSE-SLE-Product-SLES-15-SP6-LTSS-2026-253=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-253=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * openSUSE Leap 15.6 (x86_64) * libsoup2-devel-32bit-2.74.3-150600.4.19.1 * libsoup-2_4-1-32bit-2.74.3-150600.4.19.1 * libsoup-2_4-1-32bit-debuginfo-2.74.3-150600.4.19.1 * openSUSE Leap 15.6 (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libsoup-2_4-1-64bit-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-64bit-2.74.3-150600.4.19.1 * libsoup-2_4-1-64bit-2.74.3-150600.4.19.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * Basesystem Module 15-SP7 (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server forSAP Applications 15 SP6 (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14523.html * https://www.suse.com/security/cve/CVE-2026-0719.html * https://bugzilla.suse.com/show_bug.cgi?id=1254876 * https://bugzilla.suse.com/show_bug.cgi?id=1256399 . Important security update for libsoup2 addresses critical issues related to denial of service and data overflow vulnerabilities.. libsoup2 update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 23, 2026 Important SuSE
202

openSUSE Leap 16.0: xwayland Important Issues 2025-20099-1

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for xwayland ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20099-1 Rating: important References: * bsc#1251958 * bsc#1251959 * bsc#1251960 Cross-References: * CVE-2025-62229 * CVE-2025-62230 * CVE-2025-62231 CVSS scores: * CVE-2025-62229 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62229 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-62230 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-62231 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62231 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for xwayland fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap() (bsc#1251960). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-65=1 Package List: - openSUSE Leap 16.0: xwayland-24.1.6-160000.3.1 xwayland-devel-24.1.6-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2025-62229.html * https://www.suse.com/security/cve/CVE-2025-62230.html *https://www.suse.com/security/cve/CVE-2025-62231.html . Critical update for openSUSE addresses important issues in XWayland; fixes use-after-free and overflow vulnerabilities.. openSUSE updates, xwayland security, important patches. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 28, 2025 Important OpenSUSE
89

Red Hat 8: Firefox Elevated Privilege Vulnerability CVE-2025-12345 Alert

Update to 141.0.7390.65 * High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-10d67f6509 2025-10-11 00:56:43.169087+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 141.0.7390.65 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 141.0.7390.65 * High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2025 Than Ngo - 141.0.7390.65-1 - Update to 141.0.7390.65 * High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs * Fri Oct 3 2025 Tom Stellard - 141.0.7390.54-2 - Fix build with clang-22 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2402457 - CVE-2025-11458, CVE-2025-11460, CVE-2025-11211 - chromium security issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2402457 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-10d67f6509' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . CVE-2025-11458 and CVE-2025-11460 vulnerabilities in Chromium require immediate attention for Fedora 42 users.. Fedora Chromium Update CVE-2025-11458 CVE-2025-11460. . LinuxSecurity.com Team

Calendar%202 Oct 11, 2025 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200