Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 148 articles for you...
89

Fedora 44 Goose Moderate Tar Permissions Fix 2026-6ff3ef2d32

Update goose to fix fedora#2449678. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6ff3ef2d32 2026-04-25 01:21:36.171379+00:00 -------------------------------------------------------------------------------- Name : goose Product : Fedora 44 Version : 1.23.2 Release : 8.fc44 URL : https://github.com/block/goose Summary : Extensible AI agent client Description : Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously. Whether you're prototyping an idea, refining existing code, or managing intricate engineering pipelines, goose adapts to your workflow and executes tasks with precision. Designed for maximum flexibility, goose works with any LLM and supports multi-model configuration to optimize performance and cost, seamlessly integrates with MCP servers, and is available as both a desktop app as well as CLI - making it the ultimate AI assistant for developers who want to move faster and focus on innovation. -------------------------------------------------------------------------------- Update Information: Update goose to fix fedora#2449678 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 27 2026 Manuel Moran - 1.23.2-8 - [skip changelog] Fix gating * Fri Mar 27 2026 Martin Litwora - 1.23.2-7 - Change the test plan URL to point directly to centos-stream test repository * Thu Mar 26 2026 Sam Doran - 1.23.2-6 - Fix CVE-2026-33056 for tar dependency * Wed Mar 25 2026 Sam Doran - 1.23.2-5 - Raise recursion limit on server_test.rs * Tue Mar 24 2026 Sam Doran - 1.23.2-4 - Add basic goose config * Mon Mar 23 2026 Manuel Moran - 1.23.2-3 - Addgating -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449678 - CVE-2026-33056 goose: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449678 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6ff3ef2d32' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Goose update resolves significant security flaws in Fedora 44, improving stability and performance for users.. Goose AI Agent, Fedora 44 Update, Security Fix, Permissions Issue, Development Tools. . LinuxSecurity.com Team

Calendar%202 Apr 25, 2026 Fedora
172

Ubuntu 20.04 Rustc Important Permissions Elevation Vulnerability USN-8168-2

rustc could be made to modify permissions on arbitrary directories.. ========================================================================== Ubuntu Security Notice USN-8168-2 April 14, 2026 rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: rustc could be made to modify permissions on arbitrary directories. Software Description: - rustc: Rust systems programming language - rustc-1.76: Rust systems programming language - rustc-1.77: Rust systems programming language - rustc-1.78: Rust systems programming language - rustc-1.79: Rust systems programming language - rustc-1.80: Rust systems programming language Details: USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS rustc 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.76 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.77 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.78 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.79 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.3 Available with Ubuntu Pro rustc-1.80 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro Ubuntu 18.04 LTS rustc 1.65.0+dfsg0ubuntu1~llvm2-0ubuntu0.18.04.1 Available with Ubuntu Pro Ubuntu 16.04 LTS rustc 1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2 Available with Ubuntu Pro Ubuntu 14.04 LTS rustc 1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8168-2 https://ubuntu.com/security/notices/USN-8168-1 CVE-2026-33056 . A critical update for rustc addresses permissions issue in Ubuntu versions, affecting security and system integrity.. Ubuntu Rustc Update Permissions Issue Critical. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 14, 2026 Important Ubuntu
100

SUSE Linux Enterprise 12 SP5 tigervnc Key Permissions Problem 2026-1301-1

An update that solves one vulnerability can now be installed.. # Security update for tigervnc Announcement ID: SUSE-SU-2026:1301-1 Release Date: 2026-04-13T16:01:26Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1301=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1301=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * tigervnc-1.6.0-22.23.1 * libXvnc1-1.6.0-22.23.1 * xorg-x11-Xvnc-debuginfo-1.6.0-22.23.1 * tigervnc-debuginfo-1.6.0-22.23.1 * libXvnc1-debuginfo-1.6.0-22.23.1 * tigervnc-debugsource-1.6.0-22.23.1 * xorg-x11-Xvnc-1.6.0-22.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * tigervnc-1.6.0-22.23.1 * libXvnc1-1.6.0-22.23.1 * xorg-x11-Xvnc-debuginfo-1.6.0-22.23.1 * tigervnc-debuginfo-1.6.0-22.23.1 * libXvnc1-debuginfo-1.6.0-22.23.1 * tigervnc-debugsource-1.6.0-22.23.1 * xorg-x11-Xvnc-1.6.0-22.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 . An important update for tigervnc fixes a permissions issue, preventing unauthorized users from screen observation. Install now.. SUSE tigervnc permissions update major. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 14, 2026 Important SuSE
202

openSUSE Leap 15.5 Tigervnc Vital Screen Privacy Update CVE-2026-34352

An update that solves one vulnerability can now be installed.. # Security update for tigervnc Announcement ID: SUSE-SU-2026:1302-1 Release Date: 2026-04-13T16:02:17Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1302=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1302=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1302=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1302=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1302=1 ## Package List: * SUSE Linux Enterprise HighPerformance Computing LTSS 15 SP5 (aarch64 x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (noarch) * xorg-x11-Xvnc-java-1.12.0-150500.4.3.1 * tigervnc-x11vnc-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 . Critical update for tigervnc in openSUSE Leap 15.5 addresses important security flaws affecting screen privacy.. tigervnc security update, openSUSE vulnerability fix, permissions exploit. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 14, 2026 Important OpenSUSE
100

SUSE 2026 Tigervnc Important Permission Fix CVE-2026-34352

An update that solves one vulnerability can now be installed.. # Security update for tigervnc Announcement ID: SUSE-SU-2026:1302-1 Release Date: 2026-04-13T16:02:17Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1302=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1302=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1302=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1302=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1302=1 ## Package List: * SUSE Linux Enterprise HighPerformance Computing LTSS 15 SP5 (aarch64 x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (noarch) * xorg-x11-Xvnc-java-1.12.0-150500.4.3.1 * tigervnc-x11vnc-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 . Protect your systems with the important security update for tigervnc, ensuring no unauthorized screen access.. SUSE Security Update, Important Tigervnc Fix, CVE-2026-34352, Linux Security Issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 14, 2026 Important SuSE
172

Ubuntu 25.10 rustc Critical Permissions Escalation USN-8168-1

rustc could be made to modify permissions on arbitrary directories.. ========================================================================== Ubuntu Security Notice USN-8168-1 April 13, 2026 rustc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: rustc could be made to modify permissions on arbitrary directories. Software Description: - rustc-1.85: Rust systems programming language - rustc-1.88: Rust systems programming language - rustc: Rust systems programming language - rustc-1.74: Rust systems programming language - rustc-1.76: Rust systems programming language - rustc-1.77: Rust systems programming language - rustc-1.78: Rust systems programming language - rustc-1.79: Rust systems programming language - rustc-1.80: Rust systems programming language - rustc-1.81: Rust systems programming language - rustc-1.82: Rust systems programming language - rustc-1.83: Rust systems programming language - rustc-1.84: Rust systems programming language - rustc-1.89: Rust systems programming language - rustc-1.91: Rust systems programming language - rustc-1.62: Rust systems programming language Details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 rustc-1.85 1.85.1+dfsg0ubuntu2-0ubuntu1.25.04.1 rustc-1.88 1.88.0+dfsg0ubuntu1-0ubuntu2 Ubuntu 24.04 LTS rustc 1.75.0+dfsg0ubuntu1-0ubuntu7.4 rustc-1.74 1.74.1+dfsg0ubuntu1-0ubuntu15 rustc-1.76 1.76.0+dfsg0ubuntu1-0ubuntu0.24.04.2 rustc-1.77 1.77.2+dfsg1ubuntu1-0ubuntu0.24.04.1 rustc-1.78 1.78.0+dfsg1ubuntu1-0ubuntu0.24.04.2 rustc-1.79 1.79.0+dfsg1ubuntu1-0ubuntu0.24.04.1 rustc-1.80 1.80.1+dfsg0ubuntu1-0ubuntu0.24.04.01 rustc-1.81 1.81.0+dfsg0ubuntu1-0ubuntu0.24.04.1 rustc-1.82 1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1 rustc-1.83 1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1 rustc-1.84 1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1 rustc-1.85 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu0.24.04.2 rustc-1.89 1.89.0+dfsg~24.04-0ubuntu0.24.04.2 rustc-1.91 1.91.1+dfsg~24.04-0ubuntu0.24.04.2 Ubuntu 22.04 LTS rustc 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.62 1.62.1+dfsg1-1ubuntu0.22.04.3 rustc-1.76 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.77 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.78 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.79 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.80 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.81 1.81.0+dfsg0ubuntu0-0ubuntu0.22.04.1 rustc-1.82 1.82.0+dfsg0ubuntu0~jammy-0ubuntu0.22.04.1 rustc-1.83 1.83.0+dfsg0ubuntu2~bpo2-0ubuntu2.22.04.1 rustc-1.84 1.84.1+dfsg0ubuntu1~bpo10-0ubuntu4.22.04.1 rustc-1.85 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu1.22.04.1 rustc-1.89 1.89.0+dfsg~24.04-0ubuntu0.22.04.2 rustc-1.91 1.91.1+dfsg~22.04-0ubuntu0.22.04.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8168-1 CVE-2026-33056 Package Information: https://launchpad.net/ubuntu/+source/rustc-1.85/1.85.1+dfsg0ubuntu2-0ubuntu1.25.04.1 https://launchpad.net/ubuntu/+source/rustc-1.88/1.88.0+dfsg0ubuntu1-0ubuntu2 https://launchpad.net/ubuntu/+source/rustc/1.75.0+dfsg0ubuntu1-0ubuntu7.4 https://launchpad.net/ubuntu/+source/rustc-1.74/1.74.1+dfsg0ubuntu1-0ubuntu15 https://launchpad.net/ubuntu/+source/rustc-1.76/1.76.0+dfsg0ubuntu1-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/rustc-1.77/1.77.2+dfsg1ubuntu1-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/rustc-1.78/1.78.0+dfsg1ubuntu1-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/rustc-1.79/1.79.0+dfsg1ubuntu1-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/rustc-1.80/1.80.1+dfsg0ubuntu1-0ubuntu0.24.04.01 https://launchpad.net/ubuntu/+source/rustc-1.81/1.81.0+dfsg0ubuntu1-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/rustc-1.82/1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/rustc-1.83/1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/rustc-1.84/1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1 https://launchpad.net/ubuntu/+source/rustc-1.85/1.85.1+dfsg0ubuntu2~bpo0-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/rustc-1.89/1.89.0+dfsg~24.04-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/rustc-1.91/1.91.1+dfsg~24.04-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/rustc/1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.62/1.62.1+dfsg1-1ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/rustc-1.76/1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.77/1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.78/1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.79/1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.80/1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.81/1.81.0+dfsg0ubuntu0-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.82/1.82.0+dfsg0ubuntu0~jammy-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.83/1.83.0+dfsg0ubuntu2~bpo2-0ubuntu2.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.84/1.84.1+dfsg0ubuntu1~bpo10-0ubuntu4.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.85/1.85.1+dfsg0ubuntu2~bpo0-0ubuntu1.22.04.1 https://launchpad.net/ubuntu/+source/rustc-1.89/1.89.0+dfsg~24.04-0ubuntu0.22.04.2 https://launchpad.net/ubuntu/+source/rustc-1.91/1.91.1+dfsg~22.04-0ubuntu0.22.04.3 . Explore the critical rustc security advisory on Ubuntu affecting multiple LTS versions linked to permission modifications.. rustc security, Ubuntu permissions, security advisory, Linux updates, application vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 13, 2026 Critical Ubuntu
100

openSUSE Leap 15.6 SUSE tigervnc Important Screen Access Fix CVE-2026-34352

An update that solves one vulnerability can now be installed.. # Security update for tigervnc Announcement ID: SUSE-SU-2026:1252-1 Release Date: 2026-04-10T11:37:03Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1252=1 openSUSE-SLE-15.6-2026-1252=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1252=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1252=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libXvnc1-debuginfo-1.13.1-150600.4.3.1 * tigervnc-debugsource-1.13.1-150600.4.3.1 * libXvnc1-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-1.13.1-150600.4.3.1 * libXvnc-devel-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1 * tigervnc-1.13.1-150600.4.3.1 * tigervnc-debuginfo-1.13.1-150600.4.3.1 * openSUSE Leap 15.6 (noarch) * tigervnc-x11vnc-1.13.1-150600.4.3.1 *xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-java-1.13.1-150600.4.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586) * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libXvnc1-debuginfo-1.13.1-150600.4.3.1 * tigervnc-debugsource-1.13.1-150600.4.3.1 * libXvnc1-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-1.13.1-150600.4.3.1 * libXvnc-devel-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1 * tigervnc-1.13.1-150600.4.3.1 * tigervnc-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libXvnc1-debuginfo-1.13.1-150600.4.3.1 * tigervnc-debugsource-1.13.1-150600.4.3.1 * libXvnc1-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-1.13.1-150600.4.3.1 * libXvnc-devel-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1 * tigervnc-1.13.1-150600.4.3.1 * tigervnc-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 . SUSE releases important update for tigervnc addressing critical permissions issue to enhance system security.. important update,tigervnc permissions,SUSE tigervnc security,screen access fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 10, 2026 Important SuSE
89

Fedora 43 Chunkah Important Update Arbitrary Permissions Fix March 2026

Automatic update for chunkah-0.3.2-1.fc43. Changelog for chunkah * Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release * Fri Mar 20 2026 Packit - 0.3.1-1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1269948465 2026-04-01 00:56:24.864638+00:00 -------------------------------------------------------------------------------- Name : chunkah Product : Fedora 43 Version : 0.3.2 Release : 1.fc43 URL : https://github.com/coreos/chunkah Summary : OCI building tool for content-based container image layers Description : chunkah is an OCI building tool that takes a flat rootfs and outputs a layered OCI image with content-based layers. It optimizes container image layer reuse by grouping files based on their content (e.g., by RPM package) rather than by Dockerfile instruction order. It is a generalized successor to rpm-ostree's build-chunked-oci command. -------------------------------------------------------------------------------- Update Information: Automatic update for chunkah-0.3.2-1.fc43. Changelog for chunkah * Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release * Fri Mar 20 2026 Packit - 0.3.1-1 - Update to 0.3.1 upstream release Automatic update for chunkah-0.3.1-1.fc43. Changelog for chunkah * Fri Mar 20 2026 Packit - 0.3.1-1 - Update to 0.3.1 upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release * Fri Mar 20 2026 Packit - 0.3.1-1 - Update to 0.3.1 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449673 - CVE-2026-33056 chunkah: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449673 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1269948465' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Chunkah update for Fedora 43 addresses important permission modifications via crafted tar archive vulnerabilities.. Fedora 43, chunkah update, OCI building tool, security advisory, permission modification. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 01, 2026 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200