Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7aacc8ea7d
2026-05-18 00:40:49.528970+00:00
--------------------------------------------------------------------------------

Name        : uv
Product     : Fedora 44
Version     : 0.11.11
Release     : 1.fc44
URL         : https://github.com/astral-sh/uv
Summary     : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

  • A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine, virtualenv, and more.
  • 10-100x faster than pip.
  • Provides comprehensive project management, with a universal lockfile.
  • Runs scripts, with support for inline dependency metadata.
  • Installs and manages Python versions.
  • Runs and installs tools published as Python packages.
  • Includes a pip-compatible interface for a performance boost with a familiar CLI.
  • Supports Cargo-style workspaces for scalable projects.
  • Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 8 2026 Benjamin A. Beasley - 0.11.11-1
- Update to 0.11.11 (close RHBZ#2466908)
* Wed May 6 2026 Benjamin A. Beasley - 0.11.10-1
- Update to 0.11.10 (close RHBZ#2466908)
* Tue May 5 2026 Benjamin A. Beasley - 0.11.9-1
- Update to 0.11.9 (close RHBZ#2466654)
* Thu Apr 16 2026 Benjamin A. Beasley - 0.11.7-1
- Update to 0.11.7 (close RHBZ#2458860)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2466653 - python-uv-build-0.11.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2466653
  [ 2 ] Bug #2466654 - uv-0.11.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2466654
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7aacc8ea7d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Update uv and python-uv-build to 0.11.11 addressing security advisories GHSA-xx64-wwv2-hcqq and GHSA-fp55-jw48-c537.
Fedora Security Update, Python Package Management, Rust Crate Security.
Severity: Important.
LinuxSecurity.com Team

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the latest rust-tar. Rebuild maturin with the latest rust-tar.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name        : maturin
Product     : Fedora 44
Version     : 1.9.6
Release     : 5.fc44
URL         : https://github.com/PyO3/maturin
Summary     : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as
rust binaries as python packages.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the latest rust-tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Benjamin A. Beasley - 1.9.6-5
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2448054
  [ 2 ] Bug #2449243 - uv-0.10.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449243
  [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449274
  [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449338
  [ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449645
  [ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449681
  [ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449683
  [ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449684
  [ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2025-20364

http://linux.oracle.com/errata/ELSA-2025-20364.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.12-cryptography-41.0.7-1.0.1.el8.x86_64.rpm

aarch64:
python3.12-cryptography-41.0.7-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//python3.12-cryptography-41.0.7-1.0.1.el8.src.rpm

Related CVEs:

CVE-2024-26130

Description of changes:

[41.0.7-1.0.1]
- CVE-2024-26130 [Orabug: 37982815]

_______________________________________________
El-errata mailing list

An update that solves one vulnerability can now be installed.

# python311-nh3-0.2.17-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15201-1
Rating: moderate

Cross-References:

  * CVE-2024-12224

CVSS scores:

  * CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

  * openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-nh3-0.2.17-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * python311-nh3 0.2.17-2.1
    * python312-nh3 0.2.17-2.1
    * python313-nh3 0.2.17-2.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-12224.html

Recent patches for openSUSE Tumbleweed tackle notable security vulnerabilities in the python311-nh3 package, enhancing system resilience.
openSUSE security, python311-nh3 update, moderate security issues, openSUSE Tumbleweed.
LinuxSecurity.com Team

New python3 packages are available for Slackware 15.0 and -current to fix security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] python3 (SSA:2025-155-02)

New python3 packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/python3-3.9.23-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  gh-135034: [CVE-2024-12718] [CVE-2025-4138] [CVE-2025-4330] [CVE-2025-4435]
  [CVE-2025-4517] Fixes multiple issues that allowed tarfile extraction
  filters (filter="data" and filter="tar") to be bypassed using crafted
  symlinks and hard links.
  gh-133767: Fix use-after-free in the "unicode-escape" decoder with a
  non-"strict" error handler.
  gh-128840: Short-circuit the processing of long IPv6 addresses early in
  ipaddress to prevent excessive memory consumption and a minor
  denial-of-service.
  gh-80222: Folding of quoted string in display_name violates RFC.
  For more information, see:
    https://pythoninsider.blogspot.com/2025/06/python-3134-31211-31113-31018-and-3923.html
    https://www.cve.org/CVERecord?id=CVE-2024-12718
    https://www.cve.org/CVERecord?id=CVE-2025-4138
    https://www.cve.org/CVERecord?id=CVE-2025-4330
    https://www.cve.org/CVERecord?id=CVE-2025-4435
    https://www.cve.org/CVERecord?id=CVE-2025-4517
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/python3-3.9.23-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/python3-3.9.23-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python3-3.12.11-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python3-3.12.11-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
221c0d19ded8df959c82fa5cfb4141e9  python3-3.9.23-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
58375f728441d610b5507f2ad12bbec2  python3-3.9.23-x86_64-1_slack15.0.txz

Slackware -current package:
3d036605891b77f96ec85811faa064da  d/python3-3.12.11-i686-1.txz

Slackware x86_64 -current package:
3ea85f0cb27edd007fa45ac6ac0535fc  d/python3-3.12.11-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg python3-3.9.23-i586-1_slack15.0.txz

+-----+

Latest Python3 modules rolled out for Slackware 15.0 aimed at fixing vulnerabilities and improving reliability.
python package update, Slackware security, security patch, software upgrade, denial-of-service fix.
Severity: Critical.
LinuxSecurity.com Team

An update that solves one vulnerability can now be installed.

# Security update for python312-setuptools

Announcement ID: SUSE-SU-2025:01774-1
Release Date: 2025-05-30T12:10:45Z
Rating: important

References:

  * bsc#1243313

Cross-References:

  * CVE-2025-47273

CVSS scores:

  * CVE-2025-47273 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-47273 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  * CVE-2025-47273 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

  * openSUSE Leap 15.6
  * Python 3 Module 15-SP6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python312-setuptools fixes the following issues:

  * CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Python 3 Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-1774=1

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-1774=1 openSUSE-SLE-15.6-2025-1774=1

## Package List:

  * Python 3 Module 15-SP6 (noarch)
    * python312-setuptools-68.1.2-150600.3.6.1
  * openSUSE Leap 15.6 (noarch)
    * python312-setuptools-68.1.2-150600.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-47273.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1243313

Essential patch for openSUSE targeting a directory traversal vulnerability in python312-setuptools, aimed at halting unauthorized file modifications.
openSUSE python update, path traversal, SUSE security fix, software vulnerability.
Severity: Important.
LinuxSecurity.com Team

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2025-8136

http://linux.oracle.com/errata/ELSA-2025-8136.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3-tornado-6.4.2-2.el9_6.2.x86_64.rpm

aarch64:
python3-tornado-6.4.2-2.el9_6.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//python-tornado-6.4.2-2.el9_6.2.src.rpm

Related CVEs:

CVE-2025-47287

Description of changes:

[6.4.2-2.2]
- tests: add ci_test.fmf + update gating.yaml
  Related: RHEL-91999

[6.4.2-2.1]
- httputil: Raise errors instead of logging in multipart/form-data parsing
  Resolves: RHEL-91999

_______________________________________________
El-errata mailing list