Alerts This Week
Warning Icon 1 566

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 18 articles for you...

Rocky Linux 10 yggdrasil-worker Important Security Update CVE-2026-25679

Important: yggdrasil-worker-package-manager security update.

* Advisory: RLSA-2026:11412 (type: security, short code: RL)
* Severity: Important
* Topic: An update is available for yggdrasil-worker-package-manager. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
* Description: yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions.
* Security Fix(es):
  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
* Affected products: Rocky Linux 10
* Fixes: ticket 2445356 (source: Red Hat), https://bugzilla.redhat.com/show_bug.cgi?id=2445356
* CVE: CVE-2026-25679 (source: MITRE), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679
  * CVSS v3 base score: 7.5
  * CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CWE: CWE-1286
* Published: 2026-05-01T12:06:42.394267Z
* Reboot suggested: no
* Packages (Rocky Linux 10): yggdrasil-worker-package-manager-0:0.2.3-5.el10_1.ppc64le.rpm, yggdrasil-worker-package-manager-0:0.2.3-5.el10_1.src.rpm, yggdrasil-worker-package-manager-debuginfo-0:0.2.3-5.el10_1.aarch64.rpm, yggdrasil-worker-package-manager-debugsource-0:0.2.3-5.el10_1.aarch64.rpm, yggdrasil-worker-package-manager-debuginfo-0:0.2.3-5.el10_1.s390x.rpm, yggdrasil-worker-package-manager-debuginfo-0:0.2.3-5.el10_1.ppc64le.rpm, yggdrasil-worker-package-manager-debuginfo-0:0.2.3-5.el10_1.x86_64.rpm, yggdrasil-worker-package-manager-debugsource-0:0.2.3-5.el10_1.x86_64.rpm, yggdrasil-worker-package-manager-0:0.2.3-5.el10_1.s390x.rpm, yggdrasil-worker-package-manager-0:0.2.3-5.el10_1.x86_64.rpm, yggdrasil-worker-package-manager-debugsource-0:0.2.3-5.el10_1.ppc64le.rpm, yggdrasil-worker-package-manager-0:0.2.3-5.el10_1.aarch64.rpm, yggdrasil-worker-package-manager-debugsource-0:0.2.3-5.el10_1.s390x.rpm

Security update available for yggdrasil-worker-package-manager on Rocky Linux addressing CVE-2026-25679 with important impacts.

CVE-2026-25679, yggdrasil-worker, Rocky Linux, security update, package manager.

Severity: Important. LinuxSecurity.com Team

May 01, 2026 Important Rocky Linux

Major Vulnerability Found in Rocky Linux 11 RLSA-2026-11416 Zephyr Tool

Important: yggdrasil-worker-package-manager security update.

Yggdrasil-worker-package-manager security update addresses a critical parsing issue in Rocky Linux affecting version 10.

Rocky Linux Yggdrasil Package Manager Security Important.

Severity: Important. LinuxSecurity.com Team

May 01, 2026 Important Rocky Linux

Rocky Linux 10 RLSA-2026-8840 go-rpm-macros Important IPv6 Parsing Issue

Important: go-rpm-macros security update.

* Advisory: RLSA-2026:8840 (type: security, short code: RL)
* Severity: Important
* Topic: An update is available for go-rpm-macros. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
* Description: This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only.
* Security Fix(es):
  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
* Affected products: Rocky Linux 10
* Fixes: ticket 2445356 (source: Red Hat), https://bugzilla.redhat.com/show_bug.cgi?id=2445356
* CVE: CVE-2026-25679 (source: MITRE), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679
  * CVSS v3 base score: 7.5
  * CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CWE: CWE-1286
* Published: 2026-04-21T12:07:14.176910Z
* Reboot suggested: no
* Packages (Rocky Linux 10): go-filesystem-0:3.6.0-8.el10_1.x86_64.rpm, go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.x86_64.rpm, go-srpm-macros-0:3.6.0-8.el10_1.noarch.rpm, go-rpm-templates-0:3.6.0-8.el10_1.s390x.rpm, go-rpm-macros-0:3.6.0-8.el10_1.src.rpm, go-rpm-macros-0:3.6.0-8.el10_1.ppc64le.rpm, go-filesystem-0:3.6.0-8.el10_1.ppc64le.rpm, go-rpm-macros-debugsource-0:3.6.0-8.el10_1.s390x.rpm, go-rpm-macros-0:3.6.0-8.el10_1.x86_64.rpm, go-rpm-macros-debugsource-0:3.6.0-8.el10_1.ppc64le.rpm, go-rpm-macros-0:3.6.0-8.el10_1.s390x.rpm, go-rpm-macros-debugsource-0:3.6.0-8.el10_1.x86_64.rpm, go-rpm-macros-0:3.6.0-8.el10_1.aarch64.rpm, go-filesystem-0:3.6.0-8.el10_1.s390x.rpm, go-rpm-templates-0:3.6.0-8.el10_1.aarch64.rpm, go-filesystem-0:3.6.0-8.el10_1.aarch64.rpm, go-rpm-templates-0:3.6.0-8.el10_1.ppc64le.rpm, go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.ppc64le.rpm, go-rpm-templates-0:3.6.0-8.el10_1.x86_64.rpm, go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.s390x.rpm, go-rpm-macros-debugsource-0:3.6.0-8.el10_1.aarch64.rpm, go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.aarch64.rpm

go-rpm-macros security update available for Rocky Linux 10 addressing IPv6 parsing issues, including critical fixes.

Rocky Linux updates, Go language security, Security alerts for Linux, Important security updates, Network parsing vulnerabilities.

Severity: Important. LinuxSecurity.com Team

Apr 21, 2026 Important Rocky Linux

Major IPv6 Configuration Flaw Identified in Rocky Linux 10 RLSA-2026-8852

Important: go-rpm-macros security update.

Important update available for go-rpm-macros in Rocky Linux addressing IPv6 host parsing issues with CVE-2026-25679.

go-rpm-macros, rocky linux, security update, parsing issue.

Severity: Important. LinuxSecurity.com Team

Apr 21, 2026 Important Rocky Linux

Rocky Linux 8 grafana-pcp Important Security Fix for CVE-2026-25679

Important: grafana-pcp security update.

* Advisory: RLSA-2026:7009 (type: security, short code: RL)
* Severity: Important
* Topic: An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
* Description: The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
* Security Fix(es):
  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
* Affected products: Rocky Linux 8
* Fixes: ticket 2445356 (source: Red Hat), https://bugzilla.redhat.com/show_bug.cgi?id=2445356
* CVE: CVE-2026-25679 (source: MITRE), https://www.cve.org/CVERecord?id=CVE-2026-25679
  * CVSS v3 base score: 7.5
  * CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CWE: CWE-1286
* Published: 2026-04-10T12:01:16.786705Z
* Reboot suggested: no
* Packages (Rocky Linux 8): grafana-pcp-0:5.1.1-13.el8_10.aarch64.rpm, grafana-pcp-0:5.1.1-13.el8_10.src.rpm, grafana-pcp-0:5.1.1-13.el8_10.x86_64.rpm, grafana-pcp-debuginfo-0:5.1.1-13.el8_10.aarch64.rpm, grafana-pcp-debuginfo-0:5.1.1-13.el8_10.x86_64.rpm, grafana-pcp-debugsource-0:5.1.1-13.el8_10.aarch64.rpm, grafana-pcp-debugsource-0:5.1.1-13.el8_10.x86_64.rpm

Update available for grafana-pcp on Rocky Linux 8, addressing important security issues with parsing. Stay secure!

RockyLinux, grafana-pcp, security update, important update.

Severity: Important. LinuxSecurity.com Team

Apr 10, 2026 Important Rocky Linux

SUSE Linux Micro 6.0 virtiofsd Key Stack Overflow Resolution 2026-20723-1

An update that solves one vulnerability can now be installed.

# Security update for virtiofsd

Announcement ID: SUSE-SU-2026:20723-1
Release Date: 2026-03-12T09:58:13Z
Rating: important

References:

* bsc#1257912

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for virtiofsd fixes the following issue:

* CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-618=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * virtiofsd-debuginfo-1.10.1-2.1
  * virtiofsd-1.10.1-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257912

SUSE's important advisory details a fix for virtiofsd addressing a critical parsing issue to mitigate stack exhaustion risks.

SUSE update, virtiofsd security, stack exhaustion risk, important advisory, parsing issue.

Severity: Important. LinuxSecurity.com Team

Mar 19, 2026 Important SuSE

openSUSE: alloy Important Parsing Memory Issues CVE-2025-47911 2026:20044-1

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

openSUSE security update: security update for alloy
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20044-1
Rating: important

References:

* bsc#1251509
* bsc#1251716
* bsc#1253609

Cross-References:

* CVE-2025-47911
* CVE-2025-47913
* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products: openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for alloy fixes the following issues:

Upgrade to version 1.12.1.

Security issues fixed:

- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251509).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251716).
- CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253609).

Other updates and bugfixes:

- Version 1.12.1:
  * Bugfixes
    - update to Beyla 2.7.10.
- Version 1.12.0:
  * Breaking changes
    - `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component ID instead of the hostname as their instance label in their exported metrics.
  * Features
    - (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare's LogPush jobs.
    - (Experimental) Additions to experimental `database_observability.mysql` component:
      - `explain_plans`
        - collector now changes schema before returning the connection to the pool.
        - collector now passes queries more permissively.
      - enable `explain_plans` collector by default
    - (Experimental) Additions to experimental `database_observability.postgres` component:
      - `explain_plans`
        - added the explain plan collector.
        - collector now passes queries more permissively.
      - `query_samples`
        - add user field to wait events within `query_samples` collector.
        - rework the query samples collector to buffer per-query execution state across scrapes and emit finalized entries.
        - process turned idle rows to calculate finalization times precisely and emit first seen idle rows.
      - `query_details`
        - escape queries coming from `pg_stat_statements` with quotes.
      - enable `explain_plans` collector by default.
      - safely generate `server_id` when UDP socket used for database connection.
      - add table registry and include "validated" in parsed table name logs.
    - Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud Pub/Sub topic.
    - Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata.
    - Send remote config status to the remote server for the `remotecfg` service.
    - Send effective config to the remote server for the `remotecfg` service.
    - Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting both the query ID and the full SQL statement. The new block includes one option to enable statement selection, and another to configure the maximum length of the statement text.
    - Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values.
    - Add `u_probe_links` & `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing.
    - Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to enable `ebpf-profiler` verbose mode.
    - Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.
    - Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular expression.
    - OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0.
      - See the upstream [core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md) and [contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md) changelogs for more details.
    - A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them into a Mimir instance.
    - Mark `stage.windowsevent` block in the `loki.process` component as GA.
  * Enhancements
    - Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one application from consuming the rate limit quota of others.
    - Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and `pyroscope.receive_http`.
    - Remove `SendSIGKILL=no` from unit files and recommendations.
    - Reduce memory overhead of `prometheus.remote_write`'s WAL by lowering the size of the allocated series storage.
    - Reduce lock wait/contention on the `labelstore.LabelStore` by removing unnecessary usage from `prometheus.relabel`.
    - `prometheus.exporter.postgres` dependency has been updated to v0.18.1.
    - Update Beyla component to 2.7.8.
    - Support delimiters in `stage.luhn`.
    - `pyroscope.java`: update `async-profiler` to 4.2.
    - `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector.
    - `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2.
    - `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata labels for use by downstream components.
    - Rework underlying framework of Alloy UI to use Vite instead of Create React App.
    - Use POST requests for remote config requests to avoid hitting http2 header limits.
    - `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after `graceful_shutdown_timeout` has expired.
    - `kubernetes.discovery`: Add support for attaching namespace metadata.
    - Add `meta_cache_address` to `beyla.ebpf` component.
  * Bugfixes
    - Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps.
    - Fix direction of arrows for pyroscope components in UI graph.
    - Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn.
    - Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument.
    - Fix issues with "unknown series ref when trying to add exemplar" from `prometheus.remote_write` by allowing series ref links to be updated if they change.
    - Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node filtering is enabled, preventing "Index with name `field:spec.nodeName` does not exist" errors.
    - Fix issue in `loki.source.file` where scheduling files could take too long.
    - Fix `loki.write` no longer includes internal labels __.
    - Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`.
    - `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to true.
    - `loki.source.file` has better support for non-UTF-8 encoded files.
    - Fix the `loki.write` endpoint block's `enable_http2` attribute to actually affect the client.
    - Optionally remove trailing newlines before appending entries in `stage.multiline`.
    - `loki.source.api` no longer drops request when relabel rules drops a specific stream.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-149=1

Package List:

- openSUSE Leap 16.0: alloy-1.12.1-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-58190.html

This update addresses important vulnerabilities in openSUSE for alloy application, including memory issues and parsing vulnerabilities.

openSUSE important alloy update security fix.

Severity: Important. LinuxSecurity.com Team

Jan 17, 2026 Important OpenSUSE

Fedora: python-starlette Critical Parsing Issue Fix FEDORA-2025-4154ea83d0

uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4154ea83d0
2025-11-05 02:09:57.817569+00:00
--------------------------------------------------------------------------------

Name        : python-starlette
Product     : Fedora 43
Version     : 0.49.1
Release     : 1.fc43
URL         : https://www.starlette.io/
Summary     : The little ASGI library that shines
Description :
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following:

• A lightweight, low-complexity HTTP web framework.
• WebSocket support.
• In-process background tasks.
• Startup and shutdown events.
• Test client built on requests.
• CORS, GZip, Static Files, Streaming responses.
• Session and Cookie support.
• 100% test coverage.
• 100% type annotated codebase.
• Few hard dependencies.
• Compatible with asyncio and trio backends.
• Great overall performance against independent benchmarks.

--------------------------------------------------------------------------------
Update Information:

uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
Pydantic 2.12.3 Blog post
maturin 1.9.6 https://github.com/PyO3/maturin/blob/v1.9.6/Changelog.md
python-typing-inspection 0.4.2 (2025-10-01) Add typing_objects.is_noextraitems()
python-jiter 0.11.0 https://github.com/pydantic/jiter/releases/tag/v0.11.0
python-pydantic-extra-types 2.10.6 https://github.com/pydantic/pydantic-extra-types/releases/tag/v2.10.6
Typer 0.20.0 Features ✨ Enable command suggestions on typo by default. Upgrades ⬆️ Add (official) support for Python3.14. Internal Assorted small enhancements.
FastAPI 0.120.1 Upgrades ⬆️ Bump Starlette to

Nov 05, 2025 Critical Fedora