Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19373 http://linux.oracle.com/errata/ELSA-2026-19373.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: dnsmasq-2.85-18.el9_8.1.x86_64.rpm dnsmasq-utils-2.85-18.el9_8.1.x86_64.rpm aarch64: dnsmasq-2.85-18.el9_8.1.aarch64.rpm dnsmasq-utils-2.85-18.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/dnsmasq-2.85-18.el9_8.1.src.rpm Related CVEs: CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-4893 Description of changes: [2.85-18.1] - Prevent overflow in extract_name function (CVE-2026-2291) - Prevent DoS in DNSSEC validation (CVE-2026-4890) - Prevent out-of-bounds read in DNSSEC validation (CVE-2026-4891) - Prevent out-of-bounds write in DHCPv6 server (CVE-2026-4892) - Prevent source check avoidance by RFC 7871 client-subnet (CVE-2026-4893) _______________________________________________ El-errata mailing list
Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d3c82235d4 2026-04-22 07:48:13.355012+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 147.0.7727.101 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-6298: Heap buffer overflow in Skia Critical CVE-2026-6299: Use after free in Prerender Critical CVE-2026-6358: Use after free in XR High CVE-2026-6359: Use after free in Video High CVE-2026-6300: Use after free in CSS High CVE-2026-6301: Type Confusion in Turbofan High CVE-2026-6302: Use after free in Video High CVE-2026-6303: Use after free in Codecs High CVE-2026-6304: Use after free in Graphite High CVE-2026-6305: Heap buffer overflow in PDFium High CVE-2026-6306: Heap buffer overflow in PDFium High CVE-2026-6307: Type Confusion in Turbofan High CVE-2026-6308: Out of bounds read in Media High CVE-2026-6309: Use after free in Viz High CVE-2026-6360: Use after free in FileSystem High CVE-2026-6310: Use after free in Dawn High CVE-2026-6311: Uninitialized Use in Accessibility High CVE-2026-6312: Insufficient policy enforcement in Passwords High CVE-2026-6313: Insufficient policy enforcement in CORS High CVE-2026-6314: Out of bounds write in GPU HighCVE-2026-6315: Use after free in Permissions High CVE-2026-6316: Use after free in Forms High CVE-2026-6361: Heap buffer overflow in PDFium High CVE-2026-6362: Use after free in Codecs High CVE-2026-6317: Use after free in Cast Medium CVE-2026-6363: Type Confusion in V8 Medium CVE-2026-6318: Use after free in Codecs Medium CVE-2026-6319: Use after free in Payments Medium CVE-2026-6364: Out of bounds read in Skia -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2026 Than Ngo - 147.0.7727.101-1 - Update to 147.0.7727.101 * Critical CVE-2026-6296: Heap buffer overflow in ANGLE * Critical CVE-2026-6297: Use after free in Proxy * Critical CVE-2026-6298: Heap buffer overflow in Skia * Critical CVE-2026-6299: Use after free in Prerender * Critical CVE-2026-6358: Use after free in XR * High CVE-2026-6359: Use after free in Video * High CVE-2026-6300: Use after free in CSS * High CVE-2026-6301: Type Confusion in Turbofan * High CVE-2026-6302: Use after free in Video * High CVE-2026-6303: Use after free in Codecs * High CVE-2026-6304: Use after free in Graphite * High CVE-2026-6305: Heap buffer overflow in PDFium * High CVE-2026-6306: Heap buffer overflow in PDFium * High CVE-2026-6307: Type Confusion in Turbofan * High CVE-2026-6308: Out of bounds read in Media * High CVE-2026-6309: Use after free in Viz * High CVE-2026-6360: Use after free in FileSystem * High CVE-2026-6310: Use after free in Dawn * High CVE-2026-6311: Uninitialized Use in Accessibility * High CVE-2026-6312: Insufficient policy enforcement in Passwords * High CVE-2026-6313: Insufficient policy enforcement in CORS * High CVE-2026-6314: Out of bounds write in GPU * High CVE-2026-6315: Use after free in Permissions * High CVE-2026-6316: Use after free in Forms * High CVE-2026-6361: Heap buffer overflow in PDFium * High CVE-2026-6362: Use after free in Codecs * High CVE-2026-6317: Use after free in Cast * Medium CVE-2026-6363: Type Confusion in V8 * Medium CVE-2026-6318: Use after free in Codecs * Medium CVE-2026-6319: Use after free in Payments * Medium CVE-2026-6364: Out of bounds read in Skia * Thu Apr 9 2026 Than Ngo - 147.0.7727.55-1 - Update to 147.0.7727.55 * Critical CVE-2026-5858: Heap buffer overflow in WebML * Critical CVE-2026-5859: Integer overflow in WebML * High CVE-2026-5860: Use after free in WebRTC * High CVE-2026-5861: Use after free in V8 * High CVE-2026-5862: Inappropriate implementation in V8 * High CVE-2026-5863: Inappropriate implementation in V8 * High CVE-2026-5864: Heap buffer overflow in WebAudio * High CVE-2026-5865: Type Confusion in V8 * High CVE-2026-5866: Use after free in Media * High CVE-2026-5867: Heap buffer overflow in WebML * High CVE-2026-5868: Heap buffer overflow in ANGLE * High CVE-2026-5869: Heap buffer overflow in WebML * High CVE-2026-5870: Integer overflow in Skia * High CVE-2026-5871: Type Confusion in V8 * High CVE-2026-5872: Use after free in Blink * High CVE-2026-5873: Out of bounds read and write in V8 * Medium CVE-2026-5874: Use after free in PrivateAI * Medium CVE-2026-5875: Policy bypass in Blink * Medium CVE-2026-5876: Side-channel information leakage in Navigation * Medium CVE-2026-5877: Use after free in Navigation * Medium CVE-2026-5878: Incorrect security UI in Blink * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE * Medium CVE-2026-5880: Incorrect security UI in browser UI * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess * Medium CVE-2026-5882: Incorrect security UI in Fullscreen * Medium CVE-2026-5883: Use after free in Media * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media * Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML * Medium CVE-2026-5886: Out of bounds read in WebAudio * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads * Medium CVE-2026-5888: Uninitialized Use in WebCodecs * Medium CVE-2026-5889: Cryptographic Flaw in PDFium * Medium CVE-2026-5890: Race in WebCodecs * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs * Medium CVE-2026-5893: Race in V8 * Low CVE-2026-5894: Inappropriate implementation in PDF * Low CVE-2026-5895: Incorrect security UI in Omnibox * Low CVE-2026-5896: Policy bypass in Audio * Low CVE-2026-5897: Incorrect security UI in Downloads * Low CVE-2026-5898: Incorrect security UI in Omnibox * Low CVE-2026-5899: Incorrect security UI in History Navigation * Low CVE-2026-5900: Policy bypass in Downloads * Low CVE-2026-5901: Policy bypass in DevTools * Low CVE-2026-5902: Race in Media * Low CVE-2026-5903: Policy bypass in IFrameSandbox * Low CVE-2026-5904: Use after free in V8 * Low CVE-2026-5905: Incorrect security UI in Permissions * Low CVE-2026-5906: Incorrect security UI in Omnibox * Low CVE-2026-5907: Insufficient data validation in Media * Low CVE-2026-5908: Integer overflow in Media * Low CVE-2026-5909: Integer overflow in Media * Low CVE-2026-5910: Integer overflow in Media * Low CVE-2026-5911: Policy bypass in ServiceWorkers * Low CVE-2026-5912: Integer overflow in WebRTC * Low CVE-2026-5913: Out of bounds read in Blink * Low CVE-2026-5914: Type Confusion in CSS * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML * Low CVE-2026-5918: Inappropriate implementation in Navigation * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458847 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458847 [ 2 ] Bug #2458848 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458848 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d3c82235d4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves two vulnerabilities can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:20245-1 Release Date: 2026-01-16T12:54:17Z Rating: important References: * bsc#1256399 * bsc#1256418 Cross-References: * CVE-2026-0716 * CVE-2026-0719 CVSS scores: * CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0719 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libsoup fixes the following issues: * CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418). * CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-563=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 ppc64le s390x x86_64) * libsoup-3_0-0-debuginfo-3.4.2-11.1 * libsoup-debugsource-3.4.2-11.1 * libsoup-3_0-0-3.4.2-11.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0716.html * https://www.suse.com/security/cve/CVE-2026-0719.html * https://bugzilla.suse.com/show_bug.cgi?id=1256399 * https://bugzilla.suse.com/show_bug.cgi?id=1256418 . SUSE important security update fixes two vulnerabilities for libsoup addressing critical issues. Stay updated and secure your systems.. SUSE Linux, libsoup vulnerabilities,important security update. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for xrdp Announcement ID: SUSE-SU-2026:0477-1 Release Date: 2026-02-12T11:45:23Z Rating: important References: * bsc#1257362 Cross-References: * CVE-2025-68670 CVSS scores: * CVE-2025-68670 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-68670 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-68670 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-68670 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xrdp fixes the following issues: * CVE-2025-68670: Fix a potential overflow when processing user domain information. (bsc#1257362) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-477=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-477=1 * SUSELinux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-477=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-477=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-477=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-477=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 * xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * xrdp-devel-0.9.13.1-150200.4.36.1 * libpainter0-debuginfo-0.9.13.1-150200.4.36.1 * libpainter0-0.9.13.1-150200.4.36.1 * librfxencode0-0.9.13.1-150200.4.36.1 *xrdp-debuginfo-0.9.13.1-150200.4.36.1 * librfxencode0-debuginfo-0.9.13.1-150200.4.36.1 * xrdp-0.9.13.1-150200.4.36.1 * xrdp-debugsource-0.9.13.1-150200.4.36.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68670.html * https://bugzilla.suse.com/show_bug.cgi?id=1257362 . Important security update for xrdp in SUSE addresses overflow issue with CVE-2025-68670. Install patches timely.. SUSE xrdp security update overflow CVE-2025-68670. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for xrdp Announcement ID: SUSE-SU-2026:0404-1 Release Date: 2026-02-06T16:58:47Z Rating: important References: * bsc#1257362 Cross-References: * CVE-2025-68670 CVSS scores: * CVE-2025-68670 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-68670 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-68670 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-68670 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xrdp fixes the following issues: * CVE-2025-68670: Fix a potential overflow when processing user domain information. (bsc#1257362) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-404=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-404=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xrdp-0.9.10-3.22.1 * xrdp-debugsource-0.9.10-3.22.1 * xrdp-debuginfo-0.9.10-3.22.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * xrdp-0.9.10-3.22.1 * xrdp-debugsource-0.9.10-3.22.1 * xrdp-debuginfo-0.9.10-3.22.1 ## References: *https://www.suse.com/security/cve/CVE-2025-68670.html * https://bugzilla.suse.com/show_bug.cgi?id=1257362 . SUSE Security Advisory for xrdp Important Update Fixes Overflow Issue CVE-2025-68670.. xrdp update SUSE important security remote access. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for libsoup2 Announcement ID: SUSE-SU-2026:0253-1 Release Date: 2026-01-22T16:08:15Z Rating: important References: * bsc#1254876 * bsc#1256399 Cross-References: * CVE-2025-14523 * CVE-2026-0719 CVSS scores: * CVE-2025-14523 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14523 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2025-14523 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-0719 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0719 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0719 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for libsoup2 fixes the following issues: * CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). * CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-253=1 openSUSE-SLE-15.6-2026-253=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-253=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patchSUSE-SLE-Product-SLES-15-SP6-LTSS-2026-253=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-253=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * openSUSE Leap 15.6 (x86_64) * libsoup2-devel-32bit-2.74.3-150600.4.19.1 * libsoup-2_4-1-32bit-2.74.3-150600.4.19.1 * libsoup-2_4-1-32bit-debuginfo-2.74.3-150600.4.19.1 * openSUSE Leap 15.6 (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libsoup-2_4-1-64bit-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-64bit-2.74.3-150600.4.19.1 * libsoup-2_4-1-64bit-2.74.3-150600.4.19.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * Basesystem Module 15-SP7 (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libsoup-2_4-1-2.74.3-150600.4.19.1 * libsoup-2_4-1-debuginfo-2.74.3-150600.4.19.1 * libsoup2-devel-2.74.3-150600.4.19.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1 * libsoup2-debugsource-2.74.3-150600.4.19.1 * SUSE Linux Enterprise Server forSAP Applications 15 SP6 (noarch) * libsoup2-lang-2.74.3-150600.4.19.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14523.html * https://www.suse.com/security/cve/CVE-2026-0719.html * https://bugzilla.suse.com/show_bug.cgi?id=1254876 * https://bugzilla.suse.com/show_bug.cgi?id=1256399 . Important security update for libsoup2 addresses critical issues related to denial of service and data overflow vulnerabilities.. libsoup2 update. . Severity: Important. LinuxSecurity.com Team
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for xwayland ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20099-1 Rating: important References: * bsc#1251958 * bsc#1251959 * bsc#1251960 Cross-References: * CVE-2025-62229 * CVE-2025-62230 * CVE-2025-62231 CVSS scores: * CVE-2025-62229 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62229 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-62230 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-62231 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-62231 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for xwayland fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap() (bsc#1251960). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-65=1 Package List: - openSUSE Leap 16.0: xwayland-24.1.6-160000.3.1 xwayland-devel-24.1.6-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2025-62229.html * https://www.suse.com/security/cve/CVE-2025-62230.html *https://www.suse.com/security/cve/CVE-2025-62231.html . Critical update for openSUSE addresses important issues in XWayland; fixes use-after-free and overflow vulnerabilities.. openSUSE updates, xwayland security, important patches. . Severity: Important. LinuxSecurity.com Team
Update to 141.0.7390.65 * High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-10d67f6509 2025-10-11 00:56:43.169087+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 42 Version : 141.0.7390.65 Release : 1.fc42 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to 141.0.7390.65 * High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 8 2025 Than Ngo - 141.0.7390.65-1 - Update to 141.0.7390.65 * High CVE-2025-11458: Heap buffer overflow in Sync * High CVE-2025-11460: Use after free in Storage * Medium CVE-2025-11211: Out of bounds read in WebCodecs * Fri Oct 3 2025 Tom Stellard - 141.0.7390.54-2 - Fix build with clang-22 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2402457 - CVE-2025-11458, CVE-2025-11460, CVE-2025-11211 - chromium security issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2402457 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-10d67f6509' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.