Explore top 10 tips to secure your open-source projects now. Read More
×Important: python3.12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39893", "synopsis": "Important: python3.12 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for python3.12.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations (CVE-2026-15308)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2498608", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2498608", "description": ""}], "cves": [{"name": "CVE-2026-15308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-15308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-835"}], "references": [], "publishedAt": "2026-07-16T00:01:09.519027Z", "rpms": {"Rocky Linux 8": {"nvras": ["python3.12-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-0:3.12.13-3.el8_10.i686.rpm", "python3.12-0:3.12.13-3.el8_10.src.rpm", "python3.12-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-debug-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-debug-0:3.12.13-3.el8_10.i686.rpm", "python3.12-debug-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-debuginfo-0:3.12.13-3.el8_10.aarch64.rpm","python3.12-debuginfo-0:3.12.13-3.el8_10.i686.rpm", "python3.12-debuginfo-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-debugsource-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-debugsource-0:3.12.13-3.el8_10.i686.rpm", "python3.12-debugsource-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-devel-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-devel-0:3.12.13-3.el8_10.i686.rpm", "python3.12-devel-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-idle-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-idle-0:3.12.13-3.el8_10.i686.rpm", "python3.12-idle-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-libs-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-libs-0:3.12.13-3.el8_10.i686.rpm", "python3.12-libs-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-rpm-macros-0:3.12.13-3.el8_10.noarch.rpm", "python3.12-test-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-test-0:3.12.13-3.el8_10.i686.rpm", "python3.12-test-0:3.12.13-3.el8_10.x86_64.rpm", "python3.12-tkinter-0:3.12.13-3.el8_10.aarch64.rpm", "python3.12-tkinter-0:3.12.13-3.el8_10.i686.rpm", "python3.12-tkinter-0:3.12.13-3.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for python3.12 in Rocky Linux addresses a denial of service issue. Update recommended.. Rocky Linux, python3.12, Denial Of Service, Important Security, Update. . Severity: Important. LinuxSecurity.com Team
Important: python3.12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39183", "synopsis": "Important: python3.12 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for python3.12.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations (CVE-2026-15308)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2498608", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2498608", "description": ""}], "cves": [{"name": "CVE-2026-15308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-15308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-835"}], "references": [], "publishedAt": "2026-07-15T12:06:01.640959Z", "rpms": {"Rocky Linux 10": {"nvras": ["python3-test-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3-devel-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3-libs-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3-debug-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3-devel-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-test-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3-idle-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3.12-debugsource-0:3.12.13-2.el10_2.1.s390x.rpm","python3-libs-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-debug-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-test-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3.12-debugsource-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3-libs-0:3.12.13-2.el10_2.1.s390x.rpm", "python3.12-debuginfo-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-tkinter-0:3.12.13-2.el10_2.1.s390x.rpm", "python3.12-debuginfo-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3-0:3.12.13-2.el10_2.1.s390x.rpm", "python3-idle-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3-devel-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3-idle-0:3.12.13-2.el10_2.1.s390x.rpm", "python3-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-idle-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3-test-0:3.12.13-2.el10_2.1.s390x.rpm", "python-unversioned-command-0:3.12.13-2.el10_2.1.noarch.rpm", "python3-tkinter-0:3.12.13-2.el10_2.1.ppc64le.rpm", "python3.12-debuginfo-0:3.12.13-2.el10_2.1.s390x.rpm", "python3-libs-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3.12-0:3.12.13-2.el10_2.1.src.rpm", "python3-debug-0:3.12.13-2.el10_2.1.s390x.rpm", "python3-tkinter-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-devel-0:3.12.13-2.el10_2.1.s390x.rpm", "python3.12-debugsource-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3-debug-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3.12-debugsource-0:3.12.13-2.el10_2.1.x86_64.rpm", "python3-tkinter-0:3.12.13-2.el10_2.1.aarch64.rpm", "python3.12-debuginfo-0:3.12.13-2.el10_2.1.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Updated python3.12 releases for Rocky Linux 10 address a critical CPU denial of service issue affecting the HTML parser.. Rocky Linux python3 update, CPU denial service security, important security patch, python3.12 advisory. . Severity: Important. LinuxSecurity.com Team
idna could be made to consume resources if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8549-1 July 15, 2026 python-idna vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: idna could be made to consume resources if it received specially crafted input. Software Description: - python-idna: Python IDNA2008 (RFC 5891) handling Details: It was discovered that idna did not properly reject oversized inputs before performing expensive processing. An attacker could possibly use this issue to cause idna to consume significant resources, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS python3-idna 3.11-1ubuntu0.1 Ubuntu 24.04 LTS python3-idna 3.6-2ubuntu0.2 Ubuntu 22.04 LTS python3-idna 3.3-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8549-1 CVE-2026-45409 Package Information: https://launchpad.net/ubuntu/+source/python-idna/3.11-1ubuntu0.1 https://launchpad.net/ubuntu/+source/python-idna/3.6-2ubuntu0.2 https://launchpad.net/ubuntu/+source/python-idna/3.3-1ubuntu0.2 . A significant security issue affects Ubuntu systems involving idna, which can lead to resource consumption with crafted input.. Ubuntu Security, Denial of Service, Python IDNA, Resource Consumption, Security Advisory. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # python313-django-debug-toolbar-7.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11271-1 Rating: moderate Cross-References: * CVE-2021-30459 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python313-django-debug-toolbar-7.0.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python313-django-debug-toolbar 7.0.0-1.1 * python314-django-debug-toolbar 7.0.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2021-30459.html . OpenSUSE Tumbleweed provides a moderate security fix for python313-django-debug-toolbar addressing CVE-2021-30459.. opensuse update, django debugger, security patch, moderate severity, python application. . Severity: moderate. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-38510 http://linux.oracle.com/errata/ELSA-2026-38510.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: vim-X11-8.0.1763-27.0.1.el8_10.x86_64.rpm vim-common-8.0.1763-27.0.1.el8_10.x86_64.rpm vim-enhanced-8.0.1763-27.0.1.el8_10.x86_64.rpm vim-filesystem-8.0.1763-27.0.1.el8_10.noarch.rpm vim-minimal-8.0.1763-27.0.1.el8_10.x86_64.rpm aarch64: vim-X11-8.0.1763-27.0.1.el8_10.aarch64.rpm vim-common-8.0.1763-27.0.1.el8_10.aarch64.rpm vim-enhanced-8.0.1763-27.0.1.el8_10.aarch64.rpm vim-filesystem-8.0.1763-27.0.1.el8_10.noarch.rpm vim-minimal-8.0.1763-27.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-27.0.1.el8_10.src.rpm Related CVEs: CVE-2026-46483 CVE-2026-47162 CVE-2026-47167 CVE-2026-52858 Description of changes: [8.0.1763-27.0.1] - Remove upstream references [Orabug: 31197557] - Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984] [2:8.0.1763-27] - RHEL-186656 CVE-2026-47162 vim: netrw code injection via NetrwBookHistSave - RHEL-186648 CVE-2026-52858 vim: possible code execution with python3complete [2:8.0.1763-26] - CVE-2026-47167 vim: Code Injection in cucumber filetype plugin [2:8.0.1763-25] - RHEL-178234 CVE-2026-46483 vim: command injection in tar plugin via shellescape _______________________________________________ El-errata mailing list
An update that solves one vulnerability can now be installed.. # python313-websockets-16.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:11240-1 Rating: moderate Cross-References: * CVE-2018-1000518 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python313-websockets-16.0-2.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python313-websockets 16.0-2.1 * python314-websockets 16.0-2.1 ## References: * https://www.suse.com/security/cve/CVE-2018-1000518.html . An update for openSUSE addresses moderate severity security issues in python313-websockets package.. openSUSE Tumbleweed, python313-websockets, security alert, package update. . Severity: moderate. LinuxSecurity.com Team
An update that solves nine vulnerabilities, contains one feature and has 12 fixes can now be installed.. # Security update for SUSE Manager Client Tools and Salt Bundle Announcement ID: SUSE-SU-2026:22527-1 Release Date: 2025-02-03T09:00:46Z Rating: important References: * bsc#1219041 * bsc#1220357 * bsc#1222842 * bsc#1226141 * bsc#1226447 * bsc#1226448 * bsc#1226469 * bsc#1227547 * bsc#1228105 * bsc#1228780 * bsc#1229109 * bsc#1229539 * bsc#1229654 * bsc#1229704 * bsc#1229873 * bsc#1229994 * bsc#1229995 * bsc#1229996 * bsc#1230058 * bsc#1230059 * bsc#1230322 * jsc#MSQA-863 Cross-References: * CVE-2024-0397 * CVE-2024-3651 * CVE-2024-37891 * CVE-2024-4032 * CVE-2024-5569 * CVE-2024-6345 * CVE-2024-6923 * CVE-2024-7592 * CVE-2024-8088 CVSS scores: * CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2024-0397 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2024-3651 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-3651 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-3651 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-37891 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-37891 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-37891 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-4032 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-5569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-5569 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-6345 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-6923 ( NVD ): 5.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-8088 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-8088 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-8088 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:X Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro 6.1 * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 An update that solves nine vulnerabilities, contains one feature and has 12 fixes can now be installed. ## Description: This update for SUSE Manager Client Tools and Salt Bundle the following issues: uyuni-tools: venv-salt-minion: * Security fixes on Python 3.11 interpreter: * CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes (bsc#1229873, bsc#1230059) * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058) * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780) * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448) * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447) * Security fixes on Python dependencies: * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996) * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995) * CVE-2024-3651:idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994) * CVE-2024-37891: urllib3: Added the `Proxy-Authorization` header to the list of headers to strip from requests when redirecting to a different host (bsc#1226469, bsc#1229654) * Other bugs fixed: * Fixed failing x509 tests with OpenSSL < 1.1 * Avoid explicit reading of /etc/salt/minion (bsc#1220357) * Allow NamedLoaderContexts to be returned from loader * Reverted the change making reactor less blocking (bsc#1230322) * Use --cachedir for extension_modules in salt-call (bsc#1226141) * Prevent using SyncWrapper with no reason * Enable post_start_cleanup.sh to work in a transaction * Fixed the SELinux context for Salt Minion service (bsc#1219041) * Increase warn_until_date date for code we still support * Avoid crash on wrong output of systemctl version (bsc#1229539) * Improved error handling with different OpenSSL versions * Fixed cloud Minion configuration for multiple Masters (bsc#1229109) * Use Pygit2 id instead of deprecated oid in gitfs * Added passlib Python module to the bundle ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 zypper in -t patch Multi-Linux-ManagerTools-SL-Micro-669=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 (aarch64 ppc64le s390x x86_64) * mgrctl-debuginfo-0.1.23-2.1 * mgrctl-0.1.23-2.1 * venv-salt-minion-3006.0-3.1 * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 (noarch) * mgrctl-zsh-completion-0.1.23-2.1 * mgrctl-lang-0.1.23-2.1 * mgrctl-bash-completion-0.1.23-2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-0397.html *https://www.suse.com/security/cve/CVE-2024-3651.html * https://www.suse.com/security/cve/CVE-2024-37891.html * https://www.suse.com/security/cve/CVE-2024-4032.html * https://www.suse.com/security/cve/CVE-2024-5569.html * https://www.suse.com/security/cve/CVE-2024-6345.html * https://www.suse.com/security/cve/CVE-2024-6923.html * https://www.suse.com/security/cve/CVE-2024-7592.html * https://www.suse.com/security/cve/CVE-2024-8088.html * https://bugzilla.suse.com/show_bug.cgi?id=1219041 * https://bugzilla.suse.com/show_bug.cgi?id=1220357 * https://bugzilla.suse.com/show_bug.cgi?id=1222842 * https://bugzilla.suse.com/show_bug.cgi?id=1226141 * https://bugzilla.suse.com/show_bug.cgi?id=1226447 * https://bugzilla.suse.com/show_bug.cgi?id=1226448 * https://bugzilla.suse.com/show_bug.cgi?id=1226469 * https://bugzilla.suse.com/show_bug.cgi?id=1227547 * https://bugzilla.suse.com/show_bug.cgi?id=1228105 * https://bugzilla.suse.com/show_bug.cgi?id=1228780 * https://bugzilla.suse.com/show_bug.cgi?id=1229109 * https://bugzilla.suse.com/show_bug.cgi?id=1229539 * https://bugzilla.suse.com/show_bug.cgi?id=1229654 * https://bugzilla.suse.com/show_bug.cgi?id=1229704 * https://bugzilla.suse.com/show_bug.cgi?id=1229873 * https://bugzilla.suse.com/show_bug.cgi?id=1229994 * https://bugzilla.suse.com/show_bug.cgi?id=1229995 * https://bugzilla.suse.com/show_bug.cgi?id=1229996 * https://bugzilla.suse.com/show_bug.cgi?id=1230058 * https://bugzilla.suse.com/show_bug.cgi?id=1230059 * https://bugzilla.suse.com/show_bug.cgi?id=1230322 * https://jira.suse.com/browse/MSQA-863 . Critical SUSE update addresses nine security issues in Manager Client Tools and Salt, emphasizing importance of patching promptly.. SUSE Manager Client Tools, Salt Bundle, security update. . Severity: Important. LinuxSecurity.com Team
Security update. Publication date: 10 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0240.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-52858, CVE-2026-52859, CVE-2026-52860, CVE-2026-55693, CVE-2026-55892, CVE-2026-55895, CVE-2026-57451, CVE-2026-57452, CVE-2026-57453, CVE-2026-57454, CVE-2026-57455, CVE-2026-57456 Description: The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0561. (CVE-2026-52858) Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.0565. (CVE-2026-52859) Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0597. (CVE-2026-52860) Out-of-bounds Write in Spell File Word Count in Vim < 9.2.0653. (CVE-2026-55693) Out-of-bounds Write in Spell File Prefix Dump in Vim < 9.2.0662. (CVE-2026-55892) Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename affects Vim < 9.2.0663. (CVE-2026-55895) Out-of-bounds Read in Text Property Count in Vim < 9.2.0670. (CVE-2026-57451) Out-of-bounds Read with libsodium-encrypted Files in Vim < 9.2.0671. (CVE-2026-57452) PowerShell Command Injection in zip.vim via Crafted Archive Entry Names in Vim > 9.1.1783 && Vim < 9.2.0678. (CVE-2026-57453) Out-of-bounds Read with Text Properties in Vim > = 9.2.0320 && Vim < 9.2.0679. (CVE-2026-57454) Out-of-bounds Write in SOFO Soundfolding in Vim < 9.2.0698. (CVE-2026-57455) Arbitrary Code Execution via Python Omni-Completion Docstrings in Vim < 9.2.0699. (CVE-2026-57456) References: - https://bugs.mageia.org/show_bug.cgi?id=35580 - https://www.openwall.com/lists/oss-security/2026/05/22/13 - https://github.com/vim/vim/security/advisories/GHSA-3h95-3962-mmvf - https://www.openwall.com/lists/oss-security/2026/05/29/5 - https://github.com/vim/vim/security/advisories/GHSA-52mc-rq6p-rc7c - https://www.openwall.com/lists/oss-security/2026/05/30/4 - https://github.com/vim/vim/security/advisories/GHSA-47gw-8gc3-mgcm -https://www.openwall.com/lists/oss-security/2026/06/04/14 - https://github.com/vim/vim/security/advisories/GHSA-65p9-mwwx-7468 - https://www.openwall.com/lists/oss-security/2026/06/15/8 - https://github.com/vim/vim/security/advisories/GHSA-wgh4-64f7-q3jq - https://www.openwall.com/lists/oss-security/2026/06/16/12 - https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h - https://www.openwall.com/lists/oss-security/2026/06/16/13 - https://github.com/vim/vim/security/advisories/GHSA-vhh8-v6wx-hjjh - https://www.openwall.com/lists/oss-security/2026/06/17/10 - https://github.com/vim/vim/security/advisories/GHSA-f36c-2qcp-7gpw - https://www.openwall.com/lists/oss-security/2026/06/18/7 - https://github.com/vim/vim/security/advisories/GHSA-c4j9-wr9j-4486 - https://www.openwall.com/lists/oss-security/2026/06/20/2 - https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf - https://www.openwall.com/lists/oss-security/2026/06/20/3 - https://github.com/vim/vim/security/advisories/GHSA-ww8h-47xp-hp4w - https://www.openwall.com/lists/oss-security/2026/06/21/1 - https://github.com/vim/vim/security/advisories/GHSA-q8mh-6qm3-25g4 - https://www.openwall.com/lists/oss-security/2026/06/21/2 - https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3 - https://www.openwall.com/lists/oss-security/2026/06/24/9 - https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2 - https://www.openwall.com/lists/oss-security/2026/06/27/6 - https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x - https://www.openwall.com/lists/oss-security/2026/06/28/1 - https://github.com/vim/vim/security/advisories/GHSA-fh26-8f79-wj97 - https://www.cve.org/CVERecord?id=CVE-2026-52858 - https://www.cve.org/CVERecord?id=CVE-2026-52859 - https://www.cve.org/CVERecord?id=CVE-2026-52860 - https://www.cve.org/CVERecord?id=CVE-2026-55693 - https://www.cve.org/CVERecord?id=CVE-2026-55892 - https://www.cve.org/CVERecord?id=CVE-2026-55895 - https://www.cve.org/CVERecord?id=CVE-2026-57451 -https://www.cve.org/CVERecord?id=CVE-2026-57452 - https://www.cve.org/CVERecord?id=CVE-2026-57453 - https://www.cve.org/CVERecord?id=CVE-2026-57454 - https://www.cve.org/CVERecord?id=CVE-2026-57455 - https://www.cve.org/CVERecord?id=CVE-2026-57456 SRPMS: - 10/core/vim-9.2.782-1.mga10 - 9/core/vim-9.2.782-1.mga9 . Latest Mageia security update addresses critical issues in vim with multiple vulnerabilities fixed to enhance security.. Mageia vim security patch arbitrary code execution security fixes. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.