Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22551 http://linux.oracle.com/errata/ELSA-2026-22551.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mod_http2-2.0.26-6.el9_8.1.x86_64.rpm aarch64: mod_http2-2.0.26-6.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/mod_http2-2.0.26-6.el9_8.1.src.rpm Related CVEs: CVE-2025-53020 Description of changes: [2.0.26-6.1] - Resolves: RHEL-182417 - mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975) [2.0.26-6] - Resolves: RHEL-166293 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) _______________________________________________ El-errata mailing list
Cowlib 2.16.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ce0a56ca97 2026-05-21 01:26:51.960452+00:00 -------------------------------------------------------------------------------- Name : erlang-cowlib Product : Fedora 43 Version : 2.16.1 Release : 1.fc43 URL : https://github.com/ninenines/cowlib Summary : Support library for manipulating Web protocols Description : Support library for manipulating Web protocols. -------------------------------------------------------------------------------- Update Information: Cowlib 2.16.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 12 2026 Peter Lemenkov - 2.16.1-1 - Cowlib ver. 2.16.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476458 - erlang-cowlib-2.16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2476458 [ 2 ] Bug #2479579 - CVE-2026-43968 erlang-cowlib: cowlib: CRLF Injection leads to client-side logic manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479579 [ 3 ] Bug #2479811 - CVE-2026-43970 erlang-cowlib: cowlib: Remote denial of service via data amplification in SPDY frame processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479811 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ce0a56ca97' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Cowlib 2.16.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-84270bbc49 2026-05-21 00:54:04.884688+00:00 -------------------------------------------------------------------------------- Name : erlang-cowlib Product : Fedora 44 Version : 2.16.1 Release : 1.fc44 URL : https://github.com/ninenines/cowlib Summary : Support library for manipulating Web protocols Description : Support library for manipulating Web protocols. -------------------------------------------------------------------------------- Update Information: Cowlib 2.16.1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 12 2026 Peter Lemenkov - 2.16.1-1 - Cowlib ver. 2.16.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476458 - erlang-cowlib-2.16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2476458 [ 2 ] Bug #2479579 - CVE-2026-43968 erlang-cowlib: cowlib: CRLF Injection leads to client-side logic manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479579 [ 3 ] Bug #2479811 - CVE-2026-43970 erlang-cowlib: cowlib: Remote denial of service via data amplification in SPDY frame processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479811 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-84270bbc49' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
* bsc#1225905 Cross-References: * CVE-2024-35221 . # Security update for ruby2.5 Announcement ID: SUSE-SU-2025:02814-1 Release Date: 2025-08-15T12:53:30Z Rating: moderate References: * bsc#1225905 Cross-References: * CVE-2024-35221 CVSS scores: * CVE-2024-35221 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for ruby2.5 fixes the following issues: * CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2814=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2814=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1 * libruby2_5-2_5-2.5.9-150000.4.49.1 * ruby2.5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-debugsource-2.5.9-150000.4.49.1 * ruby2.5-stdlib-2.5.9-150000.4.49.1 * ruby2.5-doc-2.5.9-150000.4.49.1 * ruby2.5-devel-2.5.9-150000.4.49.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-2.5.9-150000.4.49.1 * ruby2.5-devel-extra-2.5.9-150000.4.49.1 * openSUSE Leap 15.6 (noarch) * ruby2.5-doc-ri-2.5.9-150000.4.49.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.49.1 * libruby2_5-2_5-2.5.9-150000.4.49.1 * ruby2.5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-debugsource-2.5.9-150000.4.49.1 * ruby2.5-stdlib-2.5.9-150000.4.49.1 * ruby2.5-devel-2.5.9-150000.4.49.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.49.1 * ruby2.5-2.5.9-150000.4.49.1 * ruby2.5-devel-extra-2.5.9-150000.4.49.1 ## References: * https://www.suse.com/security/cve/CVE-2024-35221.html * https://bugzilla.suse.com/show_bug.cgi?id=1225905 . Python 3.10 update resolves CVE-2024-15321, mitigating remote security vulnerabilities. Apply recommended updates to enhance system protection.. ruby2.5 security update,SUSE Linux advisory,remote denial of service fix. . LinuxSecurity.com Team
* bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228050 * bsc#1228051 . # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2024:3183-1 Rating: important References: * bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228050 * bsc#1228051 * bsc#1228052 * bsc#1228346 * bsc#1229224 Cross-References: * CVE-2024-21131 * CVE-2024-21138 * CVE-2024-21140 * CVE-2024-21144 * CVE-2024-21145 * CVE-2024-21147 * CVE-2024-27267 CVSS scores: * CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21144 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-27267 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves seven vulnerabilities and has one security fix can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346) * CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052) * CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051) * CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048) * CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050) * CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047) * CVE-2024-21131: Fixed apotential UTF8 size overflow. (bsc#1228046) * CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3183=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3183=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3183=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3183=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.30-30.126.1 * SUSE Linux Enterprise High Performance Computing 12 SP5(x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.30-30.126.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.30-30.126.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21131.html * https://www.suse.com/security/cve/CVE-2024-21138.html * https://www.suse.com/security/cve/CVE-2024-21140.html * https://www.suse.com/security/cve/CVE-2024-21144.html * https://www.suse.com/security/cve/CVE-2024-21145.html * https://www.suse.com/security/cve/CVE-2024-21147.html * https://www.suse.com/security/cve/CVE-2024-27267.html * https://bugzilla.suse.com/show_bug.cgi?id=1228046 * https://bugzilla.suse.com/show_bug.cgi?id=1228047 * https://bugzilla.suse.com/show_bug.cgi?id=1228048 * https://bugzilla.suse.com/show_bug.cgi?id=1228050 * https://bugzilla.suse.com/show_bug.cgi?id=1228051 * https://bugzilla.suse.com/show_bug.cgi?id=1228052 * https://bugzilla.suse.com/show_bug.cgi?id=1228346 * https://bugzilla.suse.com/show_bug.cgi?id=1229224 . A critical security patch has been released by SUSE for java-1_8_0-ibm, which resolves several vulnerabilities and provides essential enhancements for the latest service updates.. SUSE Linux Enterprise, Java Security, Software Update, Remote Attack. . Severity: Important. LinuxSecurity.com Team
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2023:1008-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1008 Issue date: 2023-02-28 CVE Names: CVE-2022-3564 CVE-2022-4378 CVE-2022-4379 CVE-2023-0179 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 9) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to theCVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces 2152807 - CVE-2022-4379 kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack 2161713 - CVE-2023-0179 kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan 6. Package List: Red Hat Enterprise Linux BaseOS (v. 9): Source: kpatch-patch-5_14_0-162_12_1-1-1.el9_1.src.rpm kpatch-patch-5_14_0-162_6_1-1-2.el9_1.src.rpm ppc64le: kpatch-patch-5_14_0-162_12_1-1-1.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_12_1-debuginfo-1-1.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_12_1-debugsource-1-1.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_6_1-1-2.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_6_1-debuginfo-1-2.el9_1.ppc64le.rpm kpatch-patch-5_14_0-162_6_1-debugsource-1-2.el9_1.ppc64le.rpm x86_64: kpatch-patch-5_14_0-162_12_1-1-1.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_12_1-debuginfo-1-1.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_12_1-debugsource-1-1.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_6_1-1-2.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_6_1-debuginfo-1-2.el9_1.x86_64.rpm kpatch-patch-5_14_0-162_6_1-debugsource-1-2.el9_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3564 https://access.redhat.com/security/cve/CVE-2022-4378 https://access.redhat.com/security/cve/CVE-2022-4379 https://access.redhat.com/security/cve/CVE-2023-0179 https://access.redhat.com/security/updates/classification/#important 8. Contact: The RedHat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/5H89zjgjWX9erEAQj68A/8CPn8dCtYtKo+AOdfJQvxFDs2NWHpj4dg Ais0vh62HgQnDlU2t1PYw64eJqShOnE2G0Ms7ldkxlOX7DVgd486cWz+QcUrpjQv sWYuhD3tPCXZh26WxEd7F/Cfa0f99B4Lz5lZv8qMI0HK94Qo5qZS6xquINbfrQkz pg/MITz0lecz69rjGXRqbh+Oq05jfQjHgdotWUt7xZL3KfPw1ouNEHlb3fthnoyV jVmPZHfJJrnfE5r6O+8BOJnb42rTep2nlSbuu33Xcl8RS7zelcwatyRlx6MxdoaL eYZ9skT1iD8tcDCTy7ojPUvbzL93m3WRq6K6q83jul5h3Ad3o0/nK8jVUja22gYC yfN2Uk27NyaNvkT3INwruYKg8yOH5ho+xnlSxyoA/pGpbD/6rEYB7w25R7Czuqus 0V/WAMEtuyJYvZ6y5DApR6ImuVg/94+Lcm2A6CjiiPby1egzMNnTyh4eBYGws4k0 XKca2pZh2tAW2DM9y9+pf07DxVaf9ywAfSNULgJi9U5beagojx12I63FUer4ibHG fRymkj12GGXrMBZOa9k+OIGbE/V9nCrh+ZBxChHp3UyEV7SXa3otI6l3PPeLOMWt HapPvs4WDK0F9JCjun68aomcFZkLLY9Umjfxv/pIBK3shiU+pZ51z4Iz+G8AB5Di pCzIqbRcd7U=3b/w -----END PGP SIGNATURE----- -- RHSA-announce mailing list
It was discovered that there was a potential remote denial of service vulnerability in node-trim-newlines, a Javascript module to strip newlines from the start and/or end of a string. . - -------------------------------------------------------------------------Debian LTS Advisory DLA-3247-1
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2473-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.204 Container Release : 9.5.204 Severity : important Type : security References : 1159635 CVE-2019-19906 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). The following package changes have been done: - libsasl2-3-2.1.26-150000.5.13.1 updated . Critical security updates for SUSE Linux Enterprise 15 are now available, targeting vulnerabilities in Cyrus-SASL and addressing remote denial of service threats. Security Update,SUSE Container,cyrus-sasl,DoS Fix,suse/sle15. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.