Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 998 articles for you...
202

openSUSE Grafana Moderate Information Disclosure Fix 2026-21351-1

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for grafana ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21351-1 Rating: moderate References: * bsc#1262187 * bsc#1263272 Cross-References: * CVE-2025-12141 * CVE-2026-21725 * CVE-2026-41607 CVSS scores: * CVE-2025-12141 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-12141 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-21725 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2026-21725 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-41607 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-41607 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for grafana fixes the following issues: Changes in grafana: - Add UI web assets as additional source tarball - Update to version 12.4.5 (jsc#PED-16512): * Datasources: return 400 when payload UID does not match URL UID in PUT /api/datasources/uid/:uid - Update to version 12.4.4: * Security and quality updates. * Various bug fixes and enhancements. - Update to version 12.4.3: * Analytics: Keep internal dashboard id. * Go: Update to 1.25.9. * Reporting: Correctly apply appSubURL to report settings requests. * Alerting: Document Grafana HA Alertmanager cluster metrics prefix change. - Update to version 12.4.2: * Various bug fixes and performance improvements. * Dependency updates to core plugins and UI libraries. - Update to version 12.4.1: * Bug fixes and minor quality-of-life enhancements. * Updates to data sourceprovisioning and dashboard schemas. - Update to version 12.4.0: * Introduced dynamic dashboards in public preview. * Added a new side toolbar that replaces the second top toolbar to provide additional vertical space. * Added the ability to create dashboards from templates using sample data. * Revamped the gauge visualization with rounded bars, configurable bar thickness, and endpoint markers. * Added support to map one variable to multiple values. * CVE-2025-12141: Fixed information leakage in Grafana Alerting (bsc#1262187) - Update to version 12.3.0: * Released a completely redesigned logs visualization. * Added the ability to export dashboards directly as PNG images. * Introduced an interactive learning experience within the Grafana UI. * Added a Switch template variable type to quickly toggle between values in queries. * Added functionality to style table cells using CSS properties via the field cell option. - Update to version 12.2.0: * Routine feature enhancements, minor bug fixes, and security patches. - Update to version 12.1.0: * Added support for Entra Workload Identity to enhance authentication capabilities with federated credentials. * Redesigned the alert rule list page. * Renamed Mute Timings to Active Time Intervals in Grafana Alerting. * Added support for Service Account Impersonation in the BigQuery data source. * Introduced the Grafana Advisor in public preview. - Update to version 12.0.0: * BREAKING: Removed AngularJS and all deprecated UI Extensions APIs. * BREAKING: Enforced stricter version compatibility checks in plugin CLI install commands. * BREAKING: Enabled the failWrongDSUID feature flag by default, which rejects data sources with incorrect UIDs. * MIGRATION: Triggered a full-table rewrite for the annotation table, which may temporarily increase disk usage. * Introduced a new dashboard schema to replace the original single grid layout. - CVE-2026-41607: Fix potentialinformation disclosure in Apache Thrift (bsc#1263272) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-416=1 Package List: - openSUSE Leap 16.0: grafana-12.4.5-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2025-12141.html * https://www.suse.com/security/cve/CVE-2026-21725.html * https://www.suse.com/security/cve/CVE-2026-41607.html . An important security update for Grafana on openSUSE fixes several issues and vulnerabilities to enhance system protection.. opensuse grafana security update CVE information disclosure. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 moderate OpenSUSE
217

Oracle Linux 8 libtasn1 Low Remote Access Threat ELSA-2026-36728

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-36728 http://linux.oracle.com/errata/ELSA-2026-36728.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libtasn1-4.13-6.el8_10.i686.rpm libtasn1-4.13-6.el8_10.x86_64.rpm libtasn1-devel-4.13-6.el8_10.i686.rpm libtasn1-devel-4.13-6.el8_10.x86_64.rpm libtasn1-tools-4.13-6.el8_10.x86_64.rpm aarch64: libtasn1-4.13-6.el8_10.aarch64.rpm libtasn1-devel-4.13-6.el8_10.aarch64.rpm libtasn1-tools-4.13-6.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libtasn1-4.13-6.el8_10.src.rpm Related CVEs: CVE-2025-13151 Description of changes: [4.13-6] - Backport the fix for CVE-2025-13151 (RHEL-139546) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Advisory ELSA-2026-36728 addresses a low severity security issue in libtasn1 with CVE-2025-13151.. Oracle Linux, Security Advisory, libtasn1, CVE-2025-13151, Low Severity. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Low Oracle
89

Fedora 43 python-pendulum Important RUSTSEC Fix Update 2026-e55bcd0c54

Update to 3.2.0 (final). Update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e55bcd0c54 2026-07-10 01:05:32.166888+00:00 -------------------------------------------------------------------------------- Name : python-pendulum Product : Fedora 43 Version : 3.2.0 Release : 1.fc43 URL : https://pendulum.eustace.io Summary : Python datetimes made easy Description : Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class (it inherits from it), so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is timezone-aware and by default in UTC for ease of use. -------------------------------------------------------------------------------- Update Information: Update to 3.2.0 (final). Update PyO3 to 0.29, fixing RUSTSEC-2026-0176 and RUSTSEC-2026-0177. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Benjamin A. Beasley - 3.2.0-1 - Update to 3.2.0 (final); Fixes RHBZ#2435482 - Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177) * Thu Jun 4 2026 Python Maint - 3.2.0~dev0^20251024git628fd85-3 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 3.2.0~dev0^20251024git628fd85-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2435482 - python-pendulum-3.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2435482 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e55bcd0c54' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 addresses important RUSTSEC issues on python-pendulum 3.2.0, requiring prompt updates for security.. Fedora security, python-pendulum, update notification, RUSTSEC, package fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important Fedora
202

openSUSE Tumbleweed Cargo Moderate Security Fix 2026-11210-1

An update that solves 8 vulnerabilities can now be installed.. # cargo-c-0.10.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:11210-1 Rating: moderate Cross-References: * CVE-2026-41676 * CVE-2026-41677 * CVE-2026-41678 * CVE-2026-41681 * CVE-2026-41898 * CVE-2026-42327 * CVE-2026-44662 * CVE-2026-45784 CVSS scores: * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U * CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 8 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * cargo-c0.10.23-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41676.html * https://www.suse.com/security/cve/CVE-2026-41677.html * https://www.suse.com/security/cve/CVE-2026-41678.html * https://www.suse.com/security/cve/CVE-2026-41681.html * https://www.suse.com/security/cve/CVE-2026-41898.html * https://www.suse.com/security/cve/CVE-2026-42327.html * https://www.suse.com/security/cve/CVE-2026-44662.html * https://www.suse.com/security/cve/CVE-2026-45784.html . An update for openSUSE Tumbleweed fixes 8 moderate-security issues in cargo-c-0.10.23-1.1, enhancing system security.. openSUSE cargo-c update security issues package. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 moderate OpenSUSE
202

openSUSE Tumbleweed json-c-devel Moderate Update for 4 Issues 2026-11188-1

An update that solves 4 vulnerabilities can now be installed.. # json-c-devel-0.19-1.1 on GA media Announcement ID: openSUSE-SU-2026:11188-1 Rating: moderate Cross-References: * CVE-2013-6370 * CVE-2013-6371 * CVE-2026-11322 * CVE-2026-9146 Affected Products: * openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the json-c-devel-0.19-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * json-c-devel 0.19-1.1 * json-c-doc 0.19-1.1 * libjson-c5 0.19-1.1 * libjson-c5-32bit 0.19-1.1 ## References: * https://www.suse.com/security/cve/CVE-2013-6370.html * https://www.suse.com/security/cve/CVE-2013-6371.html * https://www.suse.com/security/cve/CVE-2026-11322.html * https://www.suse.com/security/cve/CVE-2026-9146.html . New update for openSUSE Tumbleweed addresses 4 security issues in the json-c-devel package with moderate severity.. openSUSE Tumbleweed, json-c-devel, moderate severity, security update, package vulnerabilities. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 moderate OpenSUSE
100

SUSE 15 SP6 Buildah Important Denial Of Service Issues SUSE-SU-2026-2733-1

An update that solves 25 vulnerabilities can now be installed.. # Security update for buildah Announcement ID: SUSE-SU-2026:2733-1 Release Date: 2026-07-02T18:05:10Z Rating: important References: * bsc#1262953 * bsc#1266191 * bsc#1266648 * bsc#1267179 Cross-References: * CVE-2025-22869 * CVE-2025-27144 * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-52881 * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-34986 * CVE-2026-39821 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-42502 * CVE-2026-42506 * CVE-2026-42508 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-27144 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-27144 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52881 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39827 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-39828 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-39830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39832 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-39835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-46595 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for buildah fixes the following issues * CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc#1267179). * CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262953). * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266648). * CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses ingolang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent (bsc#1266191). * CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266191). * CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts (bsc#1266191). * CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266191). * CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266191). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2733=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2733=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2733=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2733=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2733=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP5-2026-2733=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2733=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2733=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * buildah-1.35.5-150500.3.62.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.62.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22869.html * https://www.suse.com/security/cve/CVE-2025-27144.html * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-52881.html * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html *https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html * https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html * https://bugzilla.suse.com/show_bug.cgi?id=1262953 * https://bugzilla.suse.com/show_bug.cgi?id=1266191 * https://bugzilla.suse.com/show_bug.cgi?id=1266648 * https://bugzilla.suse.com/show_bug.cgi?id=1267179 . Critical SUSE security update resolves 25 issues in Buildah, implementing important precautions against potential exploits. Install now.. SUSE security update Buildah vulnerabilities administration management. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important SuSE
172

Ubuntu 26.04 LTS libheif Critical Denial of Service CVE-2026-47178

Several security issues were fixed in libheif.. ========================================================================== Ubuntu Security Notice USN-8479-1 June 29, 2026 libheif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: Several security issues were fixed in libheif. Software Description: - libheif: An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder Details: It was discovered that libheif incorrectly handled certain crafted HEIF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-47178) It was discovered that libheif incorrectly validated offsets when decoding certain crafted HEIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-49271) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS heif-gdk-pixbuf 1.21.2-3ubuntu0.2 heif-thumbnailer 1.21.2-3ubuntu0.2 heif-view 1.21.2-3ubuntu0.2 libheif-dev 1.21.2-3ubuntu0.2 libheif-plugin-aomdec 1.21.2-3ubuntu0.2 libheif-plugin-aomenc 1.21.2-3ubuntu0.2 libheif-plugin-dav1d 1.21.2-3ubuntu0.2 libheif-plugin-ffmpegdec 1.21.2-3ubuntu0.2 libheif-plugin-j2kdec 1.21.2-3ubuntu0.2 libheif-plugin-j2kenc 1.21.2-3ubuntu0.2 libheif-plugin-jpegdec 1.21.2-3ubuntu0.2 libheif-plugin-jpegenc 1.21.2-3ubuntu0.2 libheif-plugin-kvazaar 1.21.2-3ubuntu0.2 libheif-plugin-libde265 1.21.2-3ubuntu0.2 libheif-plugin-rav1e 1.21.2-3ubuntu0.2 libheif-plugin-svtenc 1.21.2-3ubuntu0.2 libheif-plugin-x265 1.21.2-3ubuntu0.2 libheif-plugins-all 1.21.2-3ubuntu0.2 libheif1 1.21.2-3ubuntu0.2 Ubuntu 25.10 heif-gdk-pixbuf 1.20.2-1ubuntu0.5 heif-thumbnailer 1.20.2-1ubuntu0.5 heif-view 1.20.2-1ubuntu0.5 libheif-dev 1.20.2-1ubuntu0.5 libheif-plugin-aomdec 1.20.2-1ubuntu0.5 libheif-plugin-aomenc 1.20.2-1ubuntu0.5 libheif-plugin-dav1d 1.20.2-1ubuntu0.5 libheif-plugin-ffmpegdec 1.20.2-1ubuntu0.5 libheif-plugin-j2kdec 1.20.2-1ubuntu0.5 libheif-plugin-j2kenc 1.20.2-1ubuntu0.5 libheif-plugin-jpegdec 1.20.2-1ubuntu0.5 libheif-plugin-jpegenc 1.20.2-1ubuntu0.5 libheif-plugin-kvazaar 1.20.2-1ubuntu0.5 libheif-plugin-libde265 1.20.2-1ubuntu0.5 libheif-plugin-rav1e 1.20.2-1ubuntu0.5 libheif-plugin-svtenc 1.20.2-1ubuntu0.5 libheif-plugin-x265 1.20.2-1ubuntu0.5 libheif-plugins-all 1.20.2-1ubuntu0.5 libheif1 1.20.2-1ubuntu0.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8479-1 CVE-2026-47178, CVE-2026-49271 Package Information: https://launchpad.net/ubuntu/+source/libheif/1.21.2-3ubuntu0.2 https://launchpad.net/ubuntu/+source/libheif/1.20.2-1ubuntu0.5 . Several issues fixed in libheif on Ubuntu, addressing denial of service and code execution risks.. Ubuntu libheif security patch, Denial of service vulnerability, Code execution risk, Package update Ubuntu. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 29, 2026 Critical Ubuntu
217

Oracle Linux 9 Redis Important Update CVE-2026-25243 ELSA-2026-23229

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-23229 http://linux.oracle.com/errata/ELSA-2026-23229.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: redis-6.2.22-1.el9_8.x86_64.rpm redis-devel-6.2.22-1.el9_8.i686.rpm redis-devel-6.2.22-1.el9_8.x86_64.rpm redis-doc-6.2.22-1.el9_8.noarch.rpm aarch64: redis-6.2.22-1.el9_8.aarch64.rpm redis-devel-6.2.22-1.el9_8.aarch64.rpm redis-doc-6.2.22-1.el9_8.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/redis-6.2.22-1.el9_8.src.rpm Related CVEs: CVE-2026-25243 Description of changes: [6.2.22-1] - rebase to 6.2.22 for CVE-2026-25243 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated RPMs for Oracle Linux 9 include important security fixes for Redis, addressing CVE-2026-25243.. Oracle Linux, Security Advisory, Redis Update, CVE-2026-25243. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Oracle
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200