Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":100,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 127 articles for you...
202

openSUSE dracut Important Command Injection Threat CVE-2026-6893

An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:2721-1 Release Date: 2026-07-01T13:15:53Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 055+suse.402.g2720eea: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2721=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2721=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-2721=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2721=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2721=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2721=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-tools-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * dracut-extra-055+suse.402.g2720eea-150500.3.41.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * SUSELinux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . An important update for openSUSE addresses a critical command injection issue in dracut, enhancing system security.. dracut update, openSUSE patch, command injection risk, root access fix. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 OpenSUSE
100

SUSE Dracut Important Root Command Injection Vuln 2026-2721-1

An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:2721-1 Release Date: 2026-07-01T13:15:53Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 055+suse.402.g2720eea: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2721=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2721=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-2721=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2721=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2721=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2721=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-tools-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * dracut-extra-055+suse.402.g2720eea-150500.3.41.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * SUSELinux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * dracut-fips-055+suse.402.g2720eea-150500.3.41.1 * dracut-debugsource-055+suse.402.g2720eea-150500.3.41.1 * dracut-debuginfo-055+suse.402.g2720eea-150500.3.41.1 * dracut-mkinitrd-deprecated-055+suse.402.g2720eea-150500.3.41.1 * dracut-055+suse.402.g2720eea-150500.3.41.1 * dracut-ima-055+suse.402.g2720eea-150500.3.41.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . A security update for dracut on SUSE addresses important vulnerabilities related to root access issues.. dracut security update, SUSE vulnerability fix, root command injection, important patch SUSE, Linux security advisory. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 SuSE
100

SUSE Dracut Important Root Code Execution Security Fix 2026-22358-1

An update that solves one vulnerability can now be installed.. # Security update for dracut Announcement ID: SUSE-SU-2026:22358-1 Release Date: 2026-06-24T21:37:46Z Rating: important References: * bsc#1268322 Cross-References: * CVE-2026-6893 CVSS scores: * CVE-2026-6893 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for dracut fixes the following issue * CVE-2026-6893: Root code execution via DHCP options command injection (bsc#1268322). Changes for dracut: * Update to version 059+suse.722.gdd9d67ff5: * fix(network-legacy): sanitize DHCP values in dhclient-script.sh (bsc#1268322, CVE-2026-6893) * fix(network-legacy): add input validation to RFC 3442 route parser ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1067=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1067=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * dracut-tools-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-ima-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-extra-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-fips-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-debugsource-059+suse.722.gdd9d67ff5-160000.1.1 *dracut-debuginfo-059+suse.722.gdd9d67ff5-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * dracut-tools-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-ima-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-extra-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-fips-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-debugsource-059+suse.722.gdd9d67ff5-160000.1.1 * dracut-debuginfo-059+suse.722.gdd9d67ff5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6893.html * https://bugzilla.suse.com/show_bug.cgi?id=1268322 . Important security update for dracut addressing root code execution through DHCP options command injection in SUSE.. SUSE Security Update, Dracut Vulnerability, Command Injection Fix. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 SuSE
202

openSUSE 2026-2681-1 libheif Moderate Information Leak and Root Access

An update that solves two vulnerabilities can now be installed.. # Security update for libheif Announcement ID: SUSE-SU-2026:2681-1 Release Date: 2026-06-29T13:27:52Z Rating: moderate References: * bsc#1261658 * bsc#1265878 Cross-References: * CVE-2026-32282 * CVE-2026-32814 CVSS scores: * CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32814 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-32814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-32814 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for libheif fixes the following issues * CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658). * CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid Tiles (bsc#1265878). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2681=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libheif-devel-1.12.0-150400.3.20.1 * libheif-debugsource-1.12.0-150400.3.20.1 * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.20.1 * libheif1-debuginfo-1.12.0-150400.3.20.1 * gdk-pixbuf-loader-libheif-1.12.0-150400.3.20.1 * libheif1-1.12.0-150400.3.20.1 * openSUSE Leap 15.4 (x86_64) * libheif1-32bit-debuginfo-1.12.0-150400.3.20.1 * libheif1-32bit-1.12.0-150400.3.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) *libheif1-64bit-debuginfo-1.12.0-150400.3.20.1 * libheif1-64bit-1.12.0-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32282.html * https://www.suse.com/security/cve/CVE-2026-32814.html * https://bugzilla.suse.com/show_bug.cgi?id=1261658 * https://bugzilla.suse.com/show_bug.cgi?id=1265878 . # Security update for libheif Announcement ID: SUSE-SU-2026:2681-1 Release Date: 2026-06-29T13:27:52. update, solves, vulnerabilities, installed, security, libheif, announ. . LinuxSecurity.com Team

Calendar%202 Jun 29, 2026 OpenSUSE
219

Rocky Linux dracut Important Command Injection Threat RLSA-2026-26532

Important: dracut security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26532", "synopsis": "Important: dracut security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dracut.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.\n\nSecurity Fix(es):\n\n* dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2459963", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2459963", "description": ""}], "cves": [{"name": "CVE-2026-6893", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6893", "cvss3ScoringVector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-06-19T06:04:41.448408Z", "rpms": {"Rocky Linux 10": {"nvras": ["dracut-debugsource-0:107-7.el10_2.s390x.rpm", "dracut-squash-0:107-7.el10_2.s390x.rpm", "dracut-0:107-7.el10_2.s390x.rpm", "dracut-debugsource-0:107-7.el10_2.ppc64le.rpm", "dracut-debuginfo-0:107-7.el10_2.s390x.rpm", "dracut-config-generic-0:107-7.el10_2.x86_64.rpm", "dracut-0:107-7.el10_2.x86_64.rpm", "dracut-config-rescue-0:107-7.el10_2.x86_64.rpm", "dracut-caps-0:107-7.el10_2.aarch64.rpm", "dracut-debugsource-0:107-7.el10_2.aarch64.rpm","dracut-caps-0:107-7.el10_2.s390x.rpm", "dracut-caps-0:107-7.el10_2.x86_64.rpm", "dracut-network-0:107-7.el10_2.ppc64le.rpm", "dracut-live-0:107-7.el10_2.s390x.rpm", "dracut-network-0:107-7.el10_2.x86_64.rpm", "dracut-debuginfo-0:107-7.el10_2.aarch64.rpm", "dracut-tools-0:107-7.el10_2.ppc64le.rpm", "dracut-0:107-7.el10_2.aarch64.rpm", "dracut-config-rescue-0:107-7.el10_2.ppc64le.rpm", "dracut-config-rescue-0:107-7.el10_2.s390x.rpm", "dracut-config-generic-0:107-7.el10_2.ppc64le.rpm", "dracut-tools-0:107-7.el10_2.x86_64.rpm", "dracut-squash-0:107-7.el10_2.aarch64.rpm", "dracut-debugsource-0:107-7.el10_2.x86_64.rpm", "dracut-squash-0:107-7.el10_2.x86_64.rpm", "dracut-debuginfo-0:107-7.el10_2.ppc64le.rpm", "dracut-config-generic-0:107-7.el10_2.aarch64.rpm", "dracut-live-0:107-7.el10_2.aarch64.rpm", "dracut-0:107-7.el10_2.src.rpm", "dracut-network-0:107-7.el10_2.aarch64.rpm", "dracut-live-0:107-7.el10_2.x86_64.rpm", "dracut-live-0:107-7.el10_2.ppc64le.rpm", "dracut-config-generic-0:107-7.el10_2.s390x.rpm", "dracut-squash-0:107-7.el10_2.ppc64le.rpm", "dracut-debuginfo-0:107-7.el10_2.x86_64.rpm", "dracut-config-rescue-0:107-7.el10_2.aarch64.rpm", "dracut-network-0:107-7.el10_2.s390x.rpm", "dracut-tools-0:107-7.el10_2.aarch64.rpm", "dracut-0:107-7.el10_2.ppc64le.rpm", "dracut-caps-0:107-7.el10_2.ppc64le.rpm", "dracut-tools-0:107-7.el10_2.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Dracut security update for Rocky Linux addresses a critical command injection flaw with root access risk.. Rocky Linux Dracut Update, Security Advisory, Command Injection, Linux Sysadmin, Security Patching. . LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Rocky Linux
219

Rocky Linux 10 Yggdrasil Worker Package Manager Moderate Root Chmod Issue

Moderate: yggdrasil-worker-package-manager security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:25999", "synopsis": "Moderate: yggdrasil-worker-package-manager security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for yggdrasil-worker-package-manager.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions.\n\nSecurity Fix(es):\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2456336", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "description": ""}], "cves": [{"name": "CVE-2026-32282", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-367"}], "references": [], "publishedAt": "2026-06-19T06:04:41.448408Z", "rpms": {"Rocky Linux 10": {"nvras": ["yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.aarch64.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.ppc64le.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.src.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.aarch64.rpm","yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.x86_64.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.ppc64le.rpm", "yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.x86_64.rpm", "yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.s390x.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.s390x.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.aarch64.rpm", "yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.ppc64le.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.x86_64.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. yggdrasil-worker-package-manager in Rocky Linux 10 has a moderate security update addressing root access issue.. Rocky Linux yggdrasil worker security update moderate root access. . LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Rocky Linux
219

Rocky Linux RLSA-2026-25999 yggdrasil-worker Moderate Risk Security Update

Moderate: yggdrasil-worker-package-manager security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:25999", "synopsis": "Moderate: yggdrasil-worker-package-manager security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for yggdrasil-worker-package-manager.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions.\n\nSecurity Fix(es):\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2456336", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "description": ""}], "cves": [{"name": "CVE-2026-32282", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-367"}], "references": [], "publishedAt": "2026-06-19T06:04:41.448408Z", "rpms": {"Rocky Linux 10": {"nvras": ["yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.aarch64.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.ppc64le.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.src.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.aarch64.rpm","yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.x86_64.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.ppc64le.rpm", "yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.x86_64.rpm", "yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.s390x.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.s390x.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.aarch64.rpm", "yggdrasil-worker-package-manager-debugsource-0:0.2.3-7.el10_2.ppc64le.rpm", "yggdrasil-worker-package-manager-debuginfo-0:0.2.3-7.el10_2.x86_64.rpm", "yggdrasil-worker-package-manager-0:0.2.3-7.el10_2.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A security update for yggdrasil-worker-package-manager on Rocky Linux addresses a moderate risk issue affecting the package manager.. yggdrasil package update, Rocky Linux security, package manager vulnerabilities, yggdrasil-worker-manager, Rocky Linux RLSA-2026. . LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Rocky Linux
219

Rocky Linux 10 Dracut Important Root Code Execution CVE-2026-6893

Important: dracut security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26532", "synopsis": "Important: dracut security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dracut.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.\n\nSecurity Fix(es):\n\n* dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2459963", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2459963", "description": ""}], "cves": [{"name": "CVE-2026-6893", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6893", "cvss3ScoringVector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-06-19T06:04:41.448408Z", "rpms": {"Rocky Linux 10": {"nvras": ["dracut-debugsource-0:107-7.el10_2.s390x.rpm", "dracut-squash-0:107-7.el10_2.s390x.rpm", "dracut-0:107-7.el10_2.s390x.rpm", "dracut-debugsource-0:107-7.el10_2.ppc64le.rpm", "dracut-debuginfo-0:107-7.el10_2.s390x.rpm", "dracut-config-generic-0:107-7.el10_2.x86_64.rpm", "dracut-0:107-7.el10_2.x86_64.rpm", "dracut-config-rescue-0:107-7.el10_2.x86_64.rpm", "dracut-caps-0:107-7.el10_2.aarch64.rpm", "dracut-debugsource-0:107-7.el10_2.aarch64.rpm","dracut-caps-0:107-7.el10_2.s390x.rpm", "dracut-caps-0:107-7.el10_2.x86_64.rpm", "dracut-network-0:107-7.el10_2.ppc64le.rpm", "dracut-live-0:107-7.el10_2.s390x.rpm", "dracut-network-0:107-7.el10_2.x86_64.rpm", "dracut-debuginfo-0:107-7.el10_2.aarch64.rpm", "dracut-tools-0:107-7.el10_2.ppc64le.rpm", "dracut-0:107-7.el10_2.aarch64.rpm", "dracut-config-rescue-0:107-7.el10_2.ppc64le.rpm", "dracut-config-rescue-0:107-7.el10_2.s390x.rpm", "dracut-config-generic-0:107-7.el10_2.ppc64le.rpm", "dracut-tools-0:107-7.el10_2.x86_64.rpm", "dracut-squash-0:107-7.el10_2.aarch64.rpm", "dracut-debugsource-0:107-7.el10_2.x86_64.rpm", "dracut-squash-0:107-7.el10_2.x86_64.rpm", "dracut-debuginfo-0:107-7.el10_2.ppc64le.rpm", "dracut-config-generic-0:107-7.el10_2.aarch64.rpm", "dracut-live-0:107-7.el10_2.aarch64.rpm", "dracut-0:107-7.el10_2.src.rpm", "dracut-network-0:107-7.el10_2.aarch64.rpm", "dracut-live-0:107-7.el10_2.x86_64.rpm", "dracut-live-0:107-7.el10_2.ppc64le.rpm", "dracut-config-generic-0:107-7.el10_2.s390x.rpm", "dracut-squash-0:107-7.el10_2.ppc64le.rpm", "dracut-debuginfo-0:107-7.el10_2.x86_64.rpm", "dracut-config-rescue-0:107-7.el10_2.aarch64.rpm", "dracut-network-0:107-7.el10_2.s390x.rpm", "dracut-tools-0:107-7.el10_2.aarch64.rpm", "dracut-0:107-7.el10_2.ppc64le.rpm", "dracut-caps-0:107-7.el10_2.ppc64le.rpm", "dracut-tools-0:107-7.el10_2.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update for dracut on Rocky Linux addresses potential root code execution issues via command injection.. Rocky Linux dracut security important. . LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Rocky Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":100,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Your message here