openSUSE Security Update: Security update for phpunit
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2026:0061-1
Rating:             important
References:         #1257381
Cross-References:   CVE-2026-24765
Affected Products:
                    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for phpunit fixes the following issues:

version 9.6.34:

- CVE-2026-24765: prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage (boo#1257381)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

  zypper in -t patch openSUSE-2026-61=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

  php7-phpunit-9.6.34-bp157.2.3.1
  php8-phpunit-9.6.34-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-24765.html
https://bugzilla.suse.com/1257381

Severity: Important. LinuxSecurity.com Team

PHPUnit is a testing framework for PHP. A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the `cleanupForCoverage()` method, which deserializes code coverage files without validation, potentially allowing remote code execution if. Debian LTS Advisory DLA-4470-1

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8c25940d05
2026-02-06 01:09:06.041429+00:00
--------------------------------------------------------------------------------

Name        : phpunit12
Product     : Fedora 42
Version     : 12.5.8
Release     : 1.fc42
URL         : https://github.com/sebastianbergmann/phpunit
Summary     : The PHP Unit Testing framework version 12
Description :
PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 12 of PHPUnit, available using the phpunit12 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 12.5.8 - 2026-01-27

Changed
- To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 12.5.7 - 2026-01-24

Fixed
- #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
- #6470: Infinite recursion in Count::getCountOf() for unusual implementations of Iterator or IteratorAggregate

Version 12.5.6 - 2026-01-16

Changed
- Reverted a change that caused a build failure for the PHP project's nightly community job

Version 12.5.5 - 2026-01-15

Deprecated
- #6461: any() matcher (soft deprecation)

Fixed
- #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet - 12.5.8-1
- update to 12.5.8
* Mon Jan 26 2026 Remi Collet - 12.5.7-1
- update to 12.5.7
- raise dependency on sebastian/comparator 7.1.4
* Sat Jan 17 2026 Remi Collet - 12.5.6-1
- update to 12.5.6
* Thu Jan 15 2026 Remi Collet - 12.5.5-1
- update to 12.5.5
- raise dependency on phpunit/php-code-coverage 12.5.2

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433676 - CVE-2026-24765 phpunit12: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433676

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8c25940d05' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c3b42a28dd
2026-02-06 01:09:06.041426+00:00
--------------------------------------------------------------------------------

Name        : phpunit11
Product     : Fedora 42
Version     : 11.5.50
Release     : 1.fc42
URL         : https://github.com/sebastianbergmann/phpunit
Summary     : The PHP Unit Testing framework version 11
Description :
PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 11 of PHPUnit, available using the phpunit11 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 11.5.50 - 2026-01-27

Changed
- To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 11.5.49 - 2026-01-24

Fixed
- #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
- #6470: Infinite recursion in Count::getCountOf() for unusual implementations of Iterator or IteratorAggregate

Version 11.5.48 - 2026-01-16

Changed
- Reverted a change that caused a build failure for the PHP project's nightly community job

Version 11.5.47 - 2026-01-15

Fixed
- #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet - 11.5.50-1
- update to 11.5.50
* Mon Jan 26 2026 Remi Collet - 11.5.49-1
- update to 11.5.49
- raise dependency on sebastian/comparator 6.3.3
* Sat Jan 17 2026 Remi Collet - 11.5.48-1
- update to 11.5.48
* Thu Jan 15 2026 Remi Collet - 11.5.47-1
- update to 11.5.47
- raise dependency on phpunit/php-code-coverage 11.0.12

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433680 - CVE-2026-24765 phpunit11: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433680

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c3b42a28dd' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8a7678fa99
2026-02-06 01:09:06.041418+00:00
--------------------------------------------------------------------------------

Name        : phpunit8
Product     : Fedora 42
Version     : 8.5.52
Release     : 1.fc42
URL         : https://github.com/sebastianbergmann/phpunit
Summary     : The PHP Unit Testing framework version 8
Description :
PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 8 of PHPUnit, available using the phpunit8 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 8.5.52 - 2026-01-27

Changed
- To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 8.5.51 - 2026-01-24

Changed
- PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet - 8.5.52-1
- update to 8.5.52
* Mon Jan 26 2026 Remi Collet - 8.5.51-1
- update to 8.5.51
- raise dependency on sebastian/comparator 3.0.7
- phpspec/prophecy is optional

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433681 - CVE-2026-24765 phpunit8: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433681

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8a7678fa99' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ff411cd463
2026-02-05 00:57:20.049046+00:00
--------------------------------------------------------------------------------

Name        : phpunit10
Product     : Fedora 43
Version     : 10.5.63
Release     : 1.fc43
URL         : https://github.com/sebastianbergmann/phpunit
Summary     : The PHP Unit Testing framework version 10
Description :
PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 10 of PHPUnit, available using the phpunit10 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 10.5.63 - 2026-01-27

Fixed
- Regression introduced in PHPUnit 9.6.33

Version 10.5.62 - 2026-01-27

Changed
- To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 10.5.61 - 2026-01-24

Changed
- PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet - 10.5.63-1
- update to 10.5.63
* Mon Jan 26 2026 Remi Collet - 10.5.61-1
- update to 10.5.61
- raise dependency on sebastian/comparator 5.0.5

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433679 - CVE-2026-24765 phpunit10: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433679

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ff411cd463' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8d8a292bba
2026-02-05 00:57:20.049043+00:00
--------------------------------------------------------------------------------

Name        : phpunit9
Product     : Fedora 43
Version     : 9.6.34
Release     : 1.fc43
URL         : https://github.com/sebastianbergmann/phpunit
Summary     : The PHP Unit Testing framework version 9
Description :
PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 9 of PHPUnit, available using the phpunit9 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 9.6.34 - 2026-01-27

Fixed
- Regression introduced in PHPUnit 9.6.33

Version 9.6.33 - 2026-01-27

Changed
- To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 9.6.32 - 2026-01-24

Changed
- PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet - 9.6.34-1
- update to 9.6.34
* Mon Jan 26 2026 Remi Collet - 9.6.32-1
- update to 9.6.32
- raise dependency on sebastian/comparator 4.0.10
- phpspec/prophecy is optional

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433678 - CVE-2026-24765 phpunit9: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433678

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8d8a292bba' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

==========================================================================
Ubuntu Security Notice USN-7171-1
December 18, 2024

phpunit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

PHPUnit could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- phpunit: Unit testing suite for PHP

Details:

It was discovered that PHPUnit incorrectly handled web requests if exposed to the internet. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
  phpunit 5.1.3-1+ubuntu3+esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7171-1
  CVE-2017-9841

Severity: Critical. LinuxSecurity.com Team