Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 169 articles for you...
100

SUSE Kubevirt Important Denial of Service Threat 2026-2804-1

An update that solves three vulnerabilities can now be installed.. # Security update for kubevirt Announcement ID: SUSE-SU-2026:2804-1 Release Date: 2026-07-08T19:35:34Z Rating: important References: * bsc#1256434 * bsc#1262265 * bsc#1266733 Cross-References: * CVE-2025-14525 * CVE-2026-35469 * CVE-2026-9804 CVSS scores: * CVE-2025-14525 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-14525 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-14525 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35469 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9804 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubevirt fixes the following issues: * CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files (TLS keys, tokens, service- account creds) from the exporter pod. (bsc#1266733) * CVE-2025-14525: A VM reporting many guest-internal interfaces via the guest agent could flood VMI status and fill etcd (denial of service). Caps reportedinterfaces at 10. (bsc#1256434) * CVE-2026-35469: resource-exhaustion in the SPDY/3 protocol implementation of github.com/moby/spdystream. (GHSA-pc3f-x583-g7j2,bsc#1262265) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2804=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-virtctl-1.7.4-150700.3.27.1 * kubevirt-virtctl-debuginfo-1.7.4-150700.3.27.1 * kubevirt-manifests-1.7.4-150700.3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14525.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://www.suse.com/security/cve/CVE-2026-9804.html * https://bugzilla.suse.com/show_bug.cgi?id=1256434 * https://bugzilla.suse.com/show_bug.cgi?id=1262265 * https://bugzilla.suse.com/show_bug.cgi?id=1266733 . SUSE updates include security fixes for kubevirt addressing important vulnerabilities and their impacts.. SUSE Security Update, Kubevirt Vulnerabilities, Denial of Service Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important SuSE
100

SUSE KubeVirt 1.6 Major DoS Resource Exhaustion Vulnerability 2026-2783-1

An update that solves three vulnerabilities can now be installed.. # Security update for kubevirt-1.6 Announcement ID: SUSE-SU-2026:2783-1 Release Date: 2026-07-07T15:05:10Z Rating: important References: * bsc#1256434 * bsc#1262265 * bsc#1266733 Cross-References: * CVE-2025-14525 * CVE-2026-35469 * CVE-2026-9804 CVSS scores: * CVE-2025-14525 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-14525 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-14525 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L * CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35469 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9804 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-9804 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for kubevirt-1.6 fixes the following issues: * CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files (TLS keys, tokens, service- account creds) from the exporter pod. (bsc#1266733) * CVE-2025-14525: A VM reporting many guest-internal interfaces via the guest agent could flood VMI status and fill etcd (denial of service). Caps reportedinterfaces at 10. (bsc#1256434) * CVE-2026-35469: resource-exhaustion in the SPDY/3 protocol implementation of github.com/moby/spdystream. (GHSA-pc3f-x583-g7j2,bsc#1262265) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2783=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-1.6-virtctl-debuginfo-1.6.6-150700.15.10.1 * kubevirt-1.6-virtctl-1.6.6-150700.15.10.1 * kubevirt-1.6-manifests-1.6.6-150700.15.10.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14525.html * https://www.suse.com/security/cve/CVE-2026-35469.html * https://www.suse.com/security/cve/CVE-2026-9804.html * https://bugzilla.suse.com/show_bug.cgi?id=1256434 * https://bugzilla.suse.com/show_bug.cgi?id=1262265 * https://bugzilla.suse.com/show_bug.cgi?id=1266733 . Install the important security update for kubevirt-1.6 to fix three critical issues affecting your system. Learn how.. KubeVirt Update Security Fixes Vulnerabilities Denial of Service. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Important SuSE
219

Rocky Linux 10 mod_md Moderate DoS Vulnerability RLSA-2026-30845

Moderate: mod_md security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30845", "synopsis": "Moderate: mod_md security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for mod_md.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal.\n\nSecurity Fix(es):\n\n* httpd: mod_md: unrestricted OCSP response leads to resource exhaustion (CVE-2026-29168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2466753", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753", "description": ""}], "cves": [{"name": "CVE-2026-29168", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-07-05T12:05:09.130757Z", "rpms": {"Rocky Linux 10": {"nvras": ["mod_md-debugsource-1:2.4.26-5.el10_2.1.ppc64le.rpm", "mod_md-1:2.4.26-5.el10_2.1.x86_64.rpm", "mod_md-debugsource-1:2.4.26-5.el10_2.1.aarch64.rpm", "mod_md-1:2.4.26-5.el10_2.1.s390x.rpm", "mod_md-1:2.4.26-5.el10_2.1.ppc64le.rpm", "mod_md-debuginfo-1:2.4.26-5.el10_2.1.ppc64le.rpm", "mod_md-debugsource-1:2.4.26-5.el10_2.1.x86_64.rpm", "mod_md-debugsource-1:2.4.26-5.el10_2.1.s390x.rpm", "mod_md-debuginfo-1:2.4.26-5.el10_2.1.s390x.rpm","mod_md-1:2.4.26-5.el10_2.1.src.rpm", "mod_md-debuginfo-1:2.4.26-5.el10_2.1.x86_64.rpm", "mod_md-1:2.4.26-5.el10_2.1.aarch64.rpm", "mod_md-debuginfo-1:2.4.26-5.el10_2.1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Discover a moderate security update for mod_md in Rocky Linux 10, addressing resource exhaustion via CVE-2026-29168.. Rocky Linux mod_md security update resource exhaustion CVE-2026-29168. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 05, 2026 moderate Rocky Linux
219

Rocky Linux 9 mod_md Moderate Resource Exhaustion Risk RLSA-2026-30844

Moderate: mod_md security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30844", "synopsis": "Moderate: mod_md security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for mod_md.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal.\n\nSecurity Fix(es):\n\n* httpd: mod_md: unrestricted OCSP response leads to resource exhaustion (CVE-2026-29168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2466753", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753", "description": ""}], "cves": [{"name": "CVE-2026-29168", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["mod_md-1:2.4.26-2.el9_8.1.aarch64.rpm", "mod_md-1:2.4.26-2.el9_8.1.ppc64le.rpm", "mod_md-1:2.4.26-2.el9_8.1.s390x.rpm", "mod_md-1:2.4.26-2.el9_8.1.src.rpm", "mod_md-1:2.4.26-2.el9_8.1.x86_64.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.aarch64.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.ppc64le.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.s390x.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.x86_64.rpm", "mod_md-debugsource-1:2.4.26-2.el9_8.1.aarch64.rpm","mod_md-debugsource-1:2.4.26-2.el9_8.1.ppc64le.rpm", "mod_md-debugsource-1:2.4.26-2.el9_8.1.s390x.rpm", "mod_md-debugsource-1:2.4.26-2.el9_8.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update for mod_md addresses moderate security issues on Rocky Linux 9 with a CVSS score of 7.5 and critical recovery measures.. mod_md update, Rocky Linux security, resource exhaustion fix, CVSS score, advisory update. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 moderate Rocky Linux
203

Mageia 9 libssh Security Flaw in SCP Causes Resource Exhaustion Issues

Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0202.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-0964, CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0968 Description: CVE-2026-0964 Improper sanitation of paths received from SCP servers CVE-2026-0965 The libssh can attempt to read non-regular files when misconfigured, which could cause resource exhaustion or blocking. CVE-2026-0966 Providing 0-length input for the ssh_get_hexa() causes 1-byte buffer underflow on heap, possibly causing memory corruption. CVE-2026-0967 Pattern matching at various places in libssh could lead to complex backtracking causing timeouts. CVE-2026-0968 Possible read behind bounds of longname References: - https://bugs.mageia.org/show_bug.cgi?id=35138 - http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.387438 - https://www.libssh.org/security/advisories/CVE-2026-0964.txt - https://www.libssh.org/security/advisories/CVE-2026-0965.txt - https://www.libssh.org/security/advisories/CVE-2026-0966.txt - https://www.libssh.org/security/advisories/CVE-2026-0967.txt - https://www.libssh.org/security/advisories/CVE-2026-0968.txt - https://www.cve.org/CVERecord?id=CVE-2026-0964 - https://www.cve.org/CVERecord?id=CVE-2026-0965 - https://www.cve.org/CVERecord?id=CVE-2026-0966 - https://www.cve.org/CVERecord?id=CVE-2026-0967 - https://www.cve.org/CVERecord?id=CVE-2026-0968 SRPMS: - 9/core/libssh-0.10.6-1.2.mga9 . Mageia 9 libssh security update addresses critical issues including buffer underflow and resource exhaustion.. libssh, Mageia, security update, resource exhaustion, memory corruption. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 12, 2026 Critical Mageia
99

Slackware 15.0 httpd Important DoS Fix for CVE-2026-49975 2026-154-01

New httpd packages are available for Slackware 15.0 and -current to fix a security issue.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2026-154-01) New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.67-i586-2_slack15.0.txz: Rebuilt. This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service attack against HTTP/2. For more information, see: https://seclists.org/oss-sec/2026/q2/790 https://www.cve.org/CVERecord?id=CVE-2026-49975 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.67-i586-2_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.67-x86_64-2_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.67-i686-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.67-x86_64-2.txz MD5 signatures: +-------------+ Slackware 15.0 package: fe1db72c286841174ff38534c6e6918d httpd-2.4.67-i586-2_slack15.0.txz Slackware x86_64 15.0 package: b14dd1a6d97a842eee7a5ecd7b8f0855 httpd-2.4.67-x86_64-2_slack15.0.txz Slackware -current package: eee9bd40cb210f87590334e724d2bde0 n/httpd-2.4.67-i686-2.txz Slackware x86_64 -current package: 594fcc2edd5ca2f41a3aade3b7d467bb n/httpd-2.4.67-x86_64-2.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.67-i586-2_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ . New httpd packages address security issues in Slackware 15.0 and -current ensuring system stability. Updates recommended.. HTTPD Security Update, Slackware Linux, Resource Exhaustion, Denial of Service, Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Important Slackware
100

SUSE Python-Pillow Denial of Service and Overflow Security Fix 2026-21861-1

An update that solves three vulnerabilities can now be installed.. # Security update for python-Pillow Announcement ID: SUSE-SU-2026:21861-1 Release Date: 2026-05-28T16:02:39Z Rating: important References: * bsc#1265153 * bsc#1265154 * bsc#1265359 Cross-References: * CVE-2026-42308 * CVE-2026-42309 * CVE-2026-42310 CVSS scores: * CVE-2026-42308 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42308 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42308 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42308 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42309 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42309 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-42309 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42309 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42310 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for python-Pillow fixes the following issues * CVE-2026-42308: integer overflow in font processing can lead to denial of service(bsc#1265359). * CVE-2026-42309: heap buffer overflow when processing nested list coordinates (bsc#1265153). * CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs (bsc#1265154). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-820=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-820=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * python-Pillow-debuginfo-11.3.0-160000.5.1 * python313-Pillow-tk-debuginfo-11.3.0-160000.5.1 * python313-Pillow-debuginfo-11.3.0-160000.5.1 * python313-Pillow-11.3.0-160000.5.1 * python-Pillow-debugsource-11.3.0-160000.5.1 * python313-Pillow-tk-11.3.0-160000.5.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * python-Pillow-debuginfo-11.3.0-160000.5.1 * python313-Pillow-tk-debuginfo-11.3.0-160000.5.1 * python313-Pillow-debuginfo-11.3.0-160000.5.1 * python313-Pillow-11.3.0-160000.5.1 * python-Pillow-debugsource-11.3.0-160000.5.1 * python313-Pillow-tk-11.3.0-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-42308.html * https://www.suse.com/security/cve/CVE-2026-42309.html * https://www.suse.com/security/cve/CVE-2026-42310.html * https://bugzilla.suse.com/show_bug.cgi?id=1265153 * https://bugzilla.suse.com/show_bug.cgi?id=1265154 * https://bugzilla.suse.com/show_bug.cgi?id=1265359 . Update fixes important security issues in python-Pillow for SUSE, addressing critical threats in processing.. python-Pillow update, SUSE security patch, security threat resolution, denial of service, heap overflow. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 01, 2026 Important SuSE
172

Ubuntu 24.04 Critical Qt Declarative Resource Exhaustion USN-8357-1

Qt Declarative could be made to use excessive resources if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8357-1 June 01, 2026 qtdeclarative-opensource-src vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Qt Declarative could be made to use excessive resources if it received specially crafted input. Software Description: - qtdeclarative-opensource-src: Qt 5 declarative modules Details: It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libqt5quick5 5.15.13+dfsg-1ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libqt5quick5 5.15.3+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libqt5quick5 5.12.8-0ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8357-1 CVE-2025-12385 . Excessive resource usage in Qt Declarative could lead to a DoS attack. Update your Ubuntu system for a fix.. Qt Declarative Security Update, Ubuntu Resource Exhaustion Fix, DoS Vulnerability Mitigation. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 01, 2026 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200