Explore top 10 tips to secure your open-source projects now. Read More
×
Update to 2.2.1. Fixes rhbz#2479556. Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-50e5126be4 2026-07-17 01:08:58.262226+00:00 -------------------------------------------------------------------------------- Name : ansible-collection-ansible-posix Product : Fedora 43 Version : 2.2.1 Release : 1.fc43 URL : https://galaxy.ansible.com/ui/repo/published/ansible/posix Summary : Ansible Collection targeting POSIX and POSIX-ish platforms Description : Ansible Collection targeting POSIX and POSIX-ish platforms. -------------------------------------------------------------------------------- Update Information: Update to 2.2.1. Fixes rhbz#2479556. Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Maxwell G - 2.2.1-1 - Update to 2.2.1. Fixes rhbz#2479556. - Mitigates CVE-2026-11837 (rhbz#2487430, rhbz#2487431, rhbz#2487432) * Fri Jan 16 2026 Fedora Release Engineering - 2.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479556 - ansible-collection-ansible-posix-2.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2479556 [ 2 ] Bug #2487430 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2487430 [ 3 ] Bug #2487431 - CVE-2026-11837 ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown[fedora-44] https://bugzilla.redhat.com/show_bug.cgi?id=2487431 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-50e5126be4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves two vulnerabilities can now be installed.. # Security update for sssd Announcement ID: SUSE-SU-2026:3025-1 Release Date: 2026-07-15T09:49:27Z Rating: important References: * bsc#1270708 * bsc#1270709 Cross-References: * CVE-2026-14474 * CVE-2026-14476 CVSS scores: * CVE-2026-14474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14474 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14476 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-14476 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for sssd fixes the following issues * CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation (bsc#1270709). * CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass (bsc#1270708). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3025=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3025=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3025=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 *python3-sss_nss_idmap-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * libnfsidmap-sss-debuginfo-2.10.2-150600.3.53.1 * python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * python3-ipa_hbac-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * python3-ipa_hbac-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * libnfsidmap-sss-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * python3-sss-murmur-debuginfo-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 * python3-sss-murmur-2.10.2-150600.3.53.1 * libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * openSUSE Leap 15.6(x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 * openSUSE Leap 15.6 (aarch64_ilp32) * sssd-64bit-2.10.2-150600.3.53.1 * sssd-64bit-debuginfo-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 *libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * sssd-dbus-2.10.2-150600.3.53.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-debuginfo-2.10.2-150600.3.53.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-2.10.2-150600.3.53.1 * libsss_simpleifp-devel-2.10.2-150600.3.53.1 * python3-sssd-config-2.10.2-150600.3.53.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.53.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.53.1 * sssd-debugsource-2.10.2-150600.3.53.1 * sssd-proxy-2.10.2-150600.3.53.1 * sssd-ad-2.10.2-150600.3.53.1 * sssd-ldap-debuginfo-2.10.2-150600.3.53.1 * libsss_idmap0-2.10.2-150600.3.53.1 * libsss_nss_idmap0-2.10.2-150600.3.53.1 * sssd-ad-debuginfo-2.10.2-150600.3.53.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-debuginfo-2.10.2-150600.3.53.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.53.1 * libsss_nss_idmap-devel-2.10.2-150600.3.53.1 * sssd-winbind-idmap-2.10.2-150600.3.53.1 * sssd-proxy-debuginfo-2.10.2-150600.3.53.1 * sssd-tools-2.10.2-150600.3.53.1 * sssd-2.10.2-150600.3.53.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.53.1 * sssd-krb5-common-2.10.2-150600.3.53.1 * sssd-kcm-debuginfo-2.10.2-150600.3.53.1 * sssd-ldap-2.10.2-150600.3.53.1 * libipa_hbac0-2.10.2-150600.3.53.1 * sssd-debuginfo-2.10.2-150600.3.53.1 * sssd-kcm-2.10.2-150600.3.53.1 * libsss_simpleifp0-2.10.2-150600.3.53.1 * libsss_certmap0-2.10.2-150600.3.53.1 * libsss_certmap-devel-2.10.2-150600.3.53.1 * sssd-dbus-debuginfo-2.10.2-150600.3.53.1 * sssd-ipa-2.10.2-150600.3.53.1 *libipa_hbac-devel-2.10.2-150600.3.53.1 * libsss_idmap-devel-2.10.2-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * sssd-32bit-2.10.2-150600.3.53.1 * sssd-32bit-debuginfo-2.10.2-150600.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2026-14474.html * https://www.suse.com/security/cve/CVE-2026-14476.html * https://bugzilla.suse.com/show_bug.cgi?id=1270708 * https://bugzilla.suse.com/show_bug.cgi?id=1270709 . Two important vulnerabilities in sssd resolved by the latest openSUSE update are crucial for maintaining system security.. openSUSE updates, sssd vulnerabilities, security patches. . Severity: Important. LinuxSecurity.com Team
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation. For the stable distribution (trixie), these problems have been fixed in version 1:2022.10.3-5+deb13u2.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6389-1
Important: yggdrasil security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39573", "synopsis": "Important: yggdrasil security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for yggdrasil.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child \"worker\" process, exchanging data with its worker processes through a D-Bus message broker.\n\nSecurity Fix(es):\n\n* net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME (CVE-2026-33811)\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\n* crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (CVE-2026-27145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2484207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2484207", "description": ""}, {"ticket": "2480756", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756", "description": ""}, {"ticket": "2467822", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822", "description": ""}], "cves": [{"name": "CVE-2026-27145", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27145", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-606"}, {"name": "CVE-2026-33811", "sourceBy": "MITRE","sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33811", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1341"}, {"name": "CVE-2026-39821", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39821", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-1289"}], "references": [], "publishedAt": "2026-07-15T12:06:01.640959Z", "rpms": {"Rocky Linux 10": {"nvras": ["yggdrasil-0:0.4.9.2-1.el10_2.ppc64le.rpm", "yggdrasil-0:0.4.9.2-1.el10_2.x86_64.rpm", "yggdrasil-debugsource-0:0.4.9.2-1.el10_2.x86_64.rpm", "yggdrasil-0:0.4.9.2-1.el10_2.s390x.rpm", "yggdrasil-debugsource-0:0.4.9.2-1.el10_2.aarch64.rpm", "yggdrasil-devel-0:0.4.9.2-1.el10_2.ppc64le.rpm", "yggdrasil-debuginfo-0:0.4.9.2-1.el10_2.aarch64.rpm", "yggdrasil-devel-0:0.4.9.2-1.el10_2.s390x.rpm", "yggdrasil-devel-0:0.4.9.2-1.el10_2.aarch64.rpm", "yggdrasil-debuginfo-0:0.4.9.2-1.el10_2.ppc64le.rpm", "yggdrasil-debuginfo-0:0.4.9.2-1.el10_2.s390x.rpm", "yggdrasil-debuginfo-0:0.4.9.2-1.el10_2.x86_64.rpm", "yggdrasil-0:0.4.9.2-1.el10_2.src.rpm", "yggdrasil-devel-0:0.4.9.2-1.el10_2.x86_64.rpm", "yggdrasil-debugsource-0:0.4.9.2-1.el10_2.s390x.rpm", "yggdrasil-debugsource-0:0.4.9.2-1.el10_2.ppc64le.rpm", "yggdrasil-0:0.4.9.2-1.el10_2.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A critical yggdrasil security update for Rocky Linux 10 addressing multiple issues with denial of service and privilege escalation vulnerabilities.. Rocky Linux, Yggdrasil, security update, denial of service, privilege escalation. . Severity: Important. LinuxSecurity.com Team
Important: go-toolset:rhel8 security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:38995", "synopsis": "Important: go-toolset:rhel8 security, bug fix, and enhancement update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for delve, module.delve, module.golang, golang.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\n* crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (CVE-2026-27145)\n\n* os: golang: Go os.Root: Symlink following vulnerability allows directory traversal (CVE-2026-39822)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Go to version 1.26.5+1 [rhel-8.10.z] (JIRA:Rocky Linux-193478)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2480756", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756", "description": ""}, {"ticket": "2484207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2484207", "description": ""}, {"ticket": "2498152", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2498152", "description": ""}], "cves": [{"name": "CVE-2026-27145", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27145", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore":"7.5", "cwe": "CWE-606"}, {"name": "CVE-2026-39821", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39821", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-1289"}, {"name": "CVE-2026-39822", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39822", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-59"}], "references": [], "publishedAt": "2026-07-15T12:01:08.928069Z", "rpms": {"Rocky Linux 8": {"nvras": ["delve-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "delve-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.src.rpm", "delve-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm", "delve-debuginfo-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "delve-debuginfo-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm", "delve-debugsource-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "delve-debugsource-0:1.26.1-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm", "golang-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "golang-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.src.rpm", "golang-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm", "golang-bin-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "golang-bin-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm", "golang-docs-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.noarch.rpm", "golang-misc-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.noarch.rpm", "golang-race-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "golang-race-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm", "golang-src-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.noarch.rpm", "golang-tests-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.noarch.rpm", "go-toolset-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.aarch64.rpm", "go-toolset-0:1.26.5-1.module+el8.10.0+40244+e7cb3ff8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux updates for go-toolsetcontain important security fixes including denial of service and privilege escalation issues.. Rocky Linux, Go Toolset, Security Fixes, Privilege Escalation, Denial of Service. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8548-1 July 15, 2026 linux-aws, linux-fips, linux-lts-xenial vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-fips: Linux kernel with FIPS - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SCSI subsystem; - Thermal drivers; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Tracing infrastructure; - B.A.T.M.A.N. meshing protocol; - Ceph Core library; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - Netfilter; - RxRPC session sockets; - X.25 network layer; (CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-45988, CVE-2026-46119, CVE-2026-46243) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS linux-image-4.4.0-1126-fips 4.4.0-1126.133 Available with Ubuntu Pro linux-image-fips 4.4.0.1126.128 Available with Ubuntu Pro Ubuntu 14.04 LTS linux-image-4.4.0-1156-aws 4.4.0-1156.162 Available with Ubuntu Pro linux-image-4.4.0-283-generic 4.4.0-283.317~14.04.1 Available with Ubuntu Pro linux-image-4.4.0-283-lowlatency 4.4.0-283.317~14.04.1 Available with Ubuntu Pro linux-image-aws 4.4.0.1156.153 Available with Ubuntu Pro linux-image-generic-lts-xenial 4.4.0.283.317~14.04.1 Available with Ubuntu Pro linux-image-lowlatency-lts-xenial 4.4.0.283.317~14.04.1 Available with Ubuntu Pro linux-image-virtual-lts-xenial 4.4.0.283.317~14.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8548-1 CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-43503, CVE-2026-45988, CVE-2026-46119, CVE-2026-46243 Package Information: https://launchpad.net/ubuntu/+source/linux-fips/4.4.0-1126.133 . Securityupdate for Ubuntu addresses several critical flaws in the Linux kernel affecting multiple versions and subsystems.. Linux kernel security, Ubuntu update, Privilege escalation risk. . Severity: Important. LinuxSecurity.com Team
Security update. Publication date: 13 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0243.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-12289, CVE-2026-12290, CVE-2026-12291, CVE-2026-12292, CVE-2026-12294, CVE-2026-12295, CVE-2026-12296, CVE-2026-12297, CVE-2026-12298, CVE-2026-12299, CVE-2026-12302, CVE-2026-12304, CVE-2026-12305, CVE-2026-12306, CVE-2026-12307, CVE-2026-12308, CVE-2026-12309, CVE-2026-12310, CVE-2026-12311, CVE-2026-12312, CVE-2026-12313, CVE-2026-12314, CVE-2026-12315, CVE-2026-12330, CVE-2026-12324, CVE-2026-12325, CVE-2026-12327, CVE-2026-12328, CVE-2026-12329, CVE-2026-57962, CVE-2026-57963 Description: The updated packages fix security vulnerabilities: Privilege escalation in the Graphics: WebRender component. (CVE-2026-12289) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12290) Use-after-free in the Networking: HTTP component. (CVE-2026-12291) Incorrect boundary conditions in the Web Audio component. (CVE-2026-12292) Sandbox escape in the DOM: Workers component. (CVE-2026-12294) Sandbox escape in the DOM: Navigation component. (CVE-2026-12295) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12298) Sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12296) Sandbox escape due to incorrect boundary conditions in the Networking component. (CVE-2026-12297) JIT miscompilation in the DOM: Core & HTML component. (CVE-2026-12299) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12329) Mitigation bypass in the DOM: Security component. (CVE-2026-12302) Same-origin policy bypass in the Networking: Cookies component. (CVE-2026-12304) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12305) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12306) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12307) Memory safety bug fixed inThunderbird ESR 140.12. (CVE-2026-12308) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12309) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12310) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12311) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12312) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12313) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12314) Mitigation bypass in the DOM: Security component. (CVE-2026-12315) Incorrect boundary conditions in the Internationalization component. (CVE-2026-12330) Incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2026-12324) Denial-of-service in the Graphics: ImageLib component. (CVE-2026-12325) Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. (CVE-2026-12327) Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. (CVE-2026-12328) Denial-of-service via malicious LDAP address-book server. (CVE-2026-57962) Chat UI manipulation by injection. (CVE-2026-57963) References: - https://bugs.mageia.org/show_bug.cgi?id=35716 - https://www.thunderbird.net/en-US/thunderbird/140.12.0esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/ - https://www.thunderbird.net/en-US/thunderbird/140.12.1esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/ - https://www.cve.org/CVERecord?id=CVE-2026-12289 - https://www.cve.org/CVERecord?id=CVE-2026-12290 - https://www.cve.org/CVERecord?id=CVE-2026-12291 - https://www.cve.org/CVERecord?id=CVE-2026-12292 - https://www.cve.org/CVERecord?id=CVE-2026-12294 - https://www.cve.org/CVERecord?id=CVE-2026-12295 - https://www.cve.org/CVERecord?id=CVE-2026-12296 - https://www.cve.org/CVERecord?id=CVE-2026-12297 - https://www.cve.org/CVERecord?id=CVE-2026-12298 -https://www.cve.org/CVERecord?id=CVE-2026-12299 - https://www.cve.org/CVERecord?id=CVE-2026-12302 - https://www.cve.org/CVERecord?id=CVE-2026-12304 - https://www.cve.org/CVERecord?id=CVE-2026-12305 - https://www.cve.org/CVERecord?id=CVE-2026-12306 - https://www.cve.org/CVERecord?id=CVE-2026-12307 - https://www.cve.org/CVERecord?id=CVE-2026-12308 - https://www.cve.org/CVERecord?id=CVE-2026-12309 - https://www.cve.org/CVERecord?id=CVE-2026-12310 - https://www.cve.org/CVERecord?id=CVE-2026-12311 - https://www.cve.org/CVERecord?id=CVE-2026-12312 - https://www.cve.org/CVERecord?id=CVE-2026-12313 - https://www.cve.org/CVERecord?id=CVE-2026-12314 - https://www.cve.org/CVERecord?id=CVE-2026-12315 - https://www.cve.org/CVERecord?id=CVE-2026-12330 - https://www.cve.org/CVERecord?id=CVE-2026-12324 - https://www.cve.org/CVERecord?id=CVE-2026-12325 - https://www.cve.org/CVERecord?id=CVE-2026-12327 - https://www.cve.org/CVERecord?id=CVE-2026-12328 - https://www.cve.org/CVERecord?id=CVE-2026-12329 - https://www.cve.org/CVERecord?id=CVE-2026-57962 - https://www.cve.org/CVERecord?id=CVE-2026-57963 SRPMS: - 10/core/thunderbird-140.12.1-1.mga10 - 10/core/thunderbird-l10n-140.12.1-1.mga10 - 9/core/thunderbird-140.12.1-1.mga9 - 9/core/thunderbird-l10n-140.12.1-1.mga9 . Security updates fix several critical components in Thunderbird for Mageia including privilege escalation and memory safety bugs.. Mageia security advisory, Thunderbird update, privilege escalation, memory safety issues. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities, contains one feature and has two fixes can now be installed.. # Security update for qemu Announcement ID: SUSE-SU-2026:22550-1 Release Date: 2026-07-07T17:46:01Z Rating: important References: * bsc#1199023 * bsc#1268061 * bsc#1268279 * bsc#1268794 * bsc#1270133 * jsc#PED-9266 Cross-References: * CVE-2026-3886 * CVE-2026-48004 * CVE-2026-48914 CVSS scores: * CVE-2026-3886 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-48004 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48914 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H * CVE-2026-48914 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities, contains one feature and has two fixes can now be installed. ## Description: This update for qemu fixes the following issues: Update to version 10.0.11. Security issues fixed: * CVE-2026-3886: integer overflow leading to privilege escalation due to lack of proper validation of user-supplied data in the virtio-gpu driver (bsc#1268061). * CVE-2026-48914: heap buffer overflow due to improper size validation in virtio-blk SCSI request handling (bsc#1268794). * CVE-2026-48004: heap use-after-free race condition due to missing rename lock in v9fs_co_readdir_many (bsc#1270133). Other updates and bugfixes: * Version 10.0.11: * Full backport list here: https://lore.kernel.org/qemu- devel/
Get the latest Linux and open source security news straight to your inbox.