Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 228 articles for you...
197

Debian LTS OpenVPN Security Update Addresses Segmentation Fault Issue

A regression has been discovered in the latest release of openvpn 2.5.1-3+deb11u3. The fix adressing CVE-2026-40215 contained a bug which could lead to segmentation faults. Furthermore, the function backported for the fix has recently been disovered to be vulnerable to CVE-2026- 12996.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4653-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Daniel Leidert July 06, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : openvpn Version : 2.5.1-3+deb11u4 CVE ID : CVE-2026-12996 Debian Bug : 1141326 A regression has been discovered in the latest release of openvpn 2.5.1-3+deb11u3. The fix adressing CVE-2026-40215 contained a bug which could lead to segmentation faults. Furthermore, the function backported for the fix has recently been disovered to be vulnerable to CVE-2026- 12996. For Debian 11 bullseye, these problems have been fixed in version 2.5.1-3+deb11u4. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A regression in openvpn update affects stability, exposing CVE-2026-12996. Upgrade to mitigate risks with Debian LTS.. openvpn bug fix, Debian LTS security, CVE-2026-12996, segmentation fault, Linux application security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 05, 2026 Important Debian LTS
203

Mageia php8 Important Bugfix Seg Fault Update 2026-0038

Security update. Publication date: 04 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0038.html Type: bugfix Affected Mageia releases: 10 Description: Update php-mailparse to the latest version. This release fixes a segmentation fault References: - https://bugs.mageia.org/show_bug.cgi?id=35674 - https://pecl.php.net/package-changelog.php?package=mailparse&release=3.2.0 SRPMS: - 10/core/php8.5-mailparse-3.2.0-1.mga10 - 10/core/php8.4-mailparse-3.2.0-1.mga10 . Update for Mageia addresses segmentation fault in php-mailparse, enhancing system stability and performance.. Mageia php8 update, php-mailparse security fix, Mageia 10 patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 04, 2026 Important Mageia
100

SUSE Linux 15 SP7 Avahi Moderate Crash Risk Advisory SUSE-SU-2026-1441-1

An update that solves one vulnerability can now be installed.. # Security update for avahi Announcement ID: SUSE-SU-2026:1441-1 Release Date: 2026-04-17T14:18:38Z Rating: moderate References: * bsc#1257235 Cross-References: * CVE-2026-24401 CVSS scores: * CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for avahi fixes the following issue: * CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1441=1 openSUSE-SLE-15.6-2026-1441=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1441=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1441=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1441=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libavahi-glib-devel-0.8-150600.15.15.1 * avahi-qt5-debugsource-0.8-150600.15.15.1 * libavahi-common3-debuginfo-0.8-150600.15.15.1 *libavahi-glib1-debuginfo-0.8-150600.15.15.1 * python3-avahi-gtk-0.8-150600.15.15.1 * avahi-0.8-150600.15.15.1 * libdns_sd-0.8-150600.15.15.1 * avahi-utils-debuginfo-0.8-150600.15.15.1 * libavahi-qt5-1-0.8-150600.15.15.1 * libavahi-libevent1-debuginfo-0.8-150600.15.15.1 * avahi-utils-gtk-0.8-150600.15.15.1 * avahi-debugsource-0.8-150600.15.15.1 * libavahi-gobject0-0.8-150600.15.15.1 * avahi-compat-howl-devel-0.8-150600.15.15.1 * libhowl0-0.8-150600.15.15.1 * avahi-autoipd-0.8-150600.15.15.1 * python3-avahi-0.8-150600.15.15.1 * libavahi-libevent1-0.8-150600.15.15.1 * libavahi-qt5-1-debuginfo-0.8-150600.15.15.1 * libavahi-qt5-devel-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-0.8-150600.15.15.1 * libavahi-common3-0.8-150600.15.15.1 * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1 * libavahi-client3-0.8-150600.15.15.1 * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1 * avahi-utils-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1 * avahi-autoipd-debuginfo-0.8-150600.15.15.1 * libdns_sd-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-0.8-150600.15.15.1 * libavahi-gobject0-debuginfo-0.8-150600.15.15.1 * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1 * libavahi-core7-0.8-150600.15.15.1 * avahi-glib2-debugsource-0.8-150600.15.15.1 * libavahi-core7-debuginfo-0.8-150600.15.15.1 * libavahi-client3-debuginfo-0.8-150600.15.15.1 * libavahi-devel-0.8-150600.15.15.1 * libavahi-gobject-devel-0.8-150600.15.15.1 * libhowl0-debuginfo-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 * openSUSE Leap 15.6 (x86_64) * libavahi-glib1-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-0.8-150600.15.15.1 * avahi-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-32bit-0.8-150600.15.15.1 * libdns_sd-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-32bit-0.8-150600.15.15.1 * libdns_sd-32bit-0.8-150600.15.15.1 * openSUSE Leap 15.6 (noarch) * avahi-lang-0.8-150600.15.15.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libavahi-glib1-64bit-0.8-150600.15.15.1 * avahi-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-64bit-0.8-150600.15.15.1 * libdns_sd-64bit-0.8-150600.15.15.1 * libdns_sd-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-64bit-0.8-150600.15.15.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libavahi-glib-devel-0.8-150600.15.15.1 * libavahi-common3-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-debuginfo-0.8-150600.15.15.1 * avahi-0.8-150600.15.15.1 * libdns_sd-0.8-150600.15.15.1 * avahi-utils-debuginfo-0.8-150600.15.15.1 * libavahi-libevent1-debuginfo-0.8-150600.15.15.1 * libavahi-gobject0-0.8-150600.15.15.1 * avahi-debugsource-0.8-150600.15.15.1 * avahi-compat-howl-devel-0.8-150600.15.15.1 * libhowl0-0.8-150600.15.15.1 * libavahi-libevent1-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-0.8-150600.15.15.1 * libavahi-common3-0.8-150600.15.15.1 * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1 * libavahi-client3-0.8-150600.15.15.1 * avahi-utils-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1 * libdns_sd-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-0.8-150600.15.15.1 * libavahi-gobject0-debuginfo-0.8-150600.15.15.1 * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1 * libavahi-core7-0.8-150600.15.15.1 * avahi-glib2-debugsource-0.8-150600.15.15.1 * libavahi-core7-debuginfo-0.8-150600.15.15.1 * libavahi-client3-debuginfo-0.8-150600.15.15.1 * libavahi-devel-0.8-150600.15.15.1 * libhowl0-debuginfo-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 * Basesystem Module 15-SP7 (noarch) * avahi-lang-0.8-150600.15.15.1 * Basesystem Module 15-SP7 (x86_64) * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-0.8-150600.15.15.1 * avahi-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-32bit-0.8-150600.15.15.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * avahi-glib2-debugsource-0.8-150600.15.15.1 * avahi-autoipd-0.8-150600.15.15.1 * libavahi-gobject-devel-0.8-150600.15.15.1 * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 * avahi-autoipd-debuginfo-0.8-150600.15.15.1 * avahi-utils-gtk-0.8-150600.15.15.1 * avahi-debugsource-0.8-150600.15.15.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150600.15.15.1 * python3-avahi-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24401.html * https://bugzilla.suse.com/show_bug.cgi?id=1257235 . Update for avahi resolves a moderate issue with potential remote access crashes via unsolicited responses.. SUSE, Avahi, Security Update, Remote Access, CVE-2026-24401. . LinuxSecurity.com Team

Calendar%202 Apr 17, 2026 SuSE
202

openSUSE Backports SLE-15-SP7 micropython Vulnerability 2026-0050-1

An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for micropython ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0050-1 Rating: low References: #1257803 Cross-References: CVE-2025-59438 CVE-2026-1998 CVSS scores: CVE-2025-59438 (SUSE): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for micropython fixes the following issues: - CVE-2026-1998: Fixed a segmentation fault in 'mp_map_lookup' via 'mp_import_all' (boo#1257803) - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 - Version 1.26.0 * Added machine.I2CTarget for creating I2C target devices on multiple ports. * New MCU support: STM32N6xx (800 MHz, ML accel) and ESP32-C2 (WiFi + BLE). * Major float accuracy boost (~28% ~98%), constant folding in compiler. * Optimized native/Viper emitters; reduced heap use for slices. * Time functions standardized (1970 2099); new boards across ESP32, SAMD, STM32, Zephyr. * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY. * RP2: compressed errors, better lightsleep, hardIRQ timers. * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support. * mpremote adds fs tree, improved df, portable config paths. * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-50=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 x86_64): micropython-1.26.1-bp157.5.1 mpy-tools-1.26.1-bp157.5.1 - openSUSE Backports SLE-15-SP7 (noarch): mpremote-1.26.1-bp157.5.1 References: https://www.suse.com/security/cve/CVE-2025-59438.html https://www.suse.com/security/cve/CVE-2026-1998.html https://bugzilla.suse.com/1257803 . Update for micropython resolves two identified issues in openSUSE 15, advising installation of security patches.. openSUSE micropython update low severity security patch CVE-2025-59438. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Feb 15, 2026 Low OpenSUSE
100

SUSE Linux Micro iperf Moderate Fix for Segmentation Fault 2024-53580

An update that solves one vulnerability can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20295-1 Release Date: 2025-04-22T14:08:15Z Rating: moderate References: * bsc#1234705 Cross-References: * CVE-2024-53580 CVSS scores: * CVE-2024-53580 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for iperf fixes the following issues: Update to 3.18 (bsc#1234705, CVE-2024-53580): * SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. (CVE-2024-53580) This has now been fixed. (PR#1810) * UDP packets per second now reports the correct number of packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR errno if no data was sent (#1367/PR#1379). * Several segmentation faults related to threading were fixed. One where `pthread_cancel` was called on an improperly initialized thread (#1801), another where threads were being recycled (#1760/PR#1761), and another where threads were improperly handling signals (#1750/PR#1752). * A segmentation fault from calling `freeaddrinfo` with `NULL` was fixed (PR#1755). * Some JSON options were fixed, including checking the size for `json_read` (PR#1709), but the size limit was removed for received server output (PR#1779). * A rcv-timeout error has been fixed. The Nread timeout was hardcoded and timed out before the `--rcv-timeout` option * There is no longer a limit on the omit time period * Fixed an output crash under 32-bit big-endian systems * An issue was fixed where CPU utilization was unexpectedly highduring limited baud rate tests. The `--pacing-timer` option was removed, but it is still available in the library * Add SCTP information to `--json` output and fixed compile error when SCTP is not supported (#1731). * `--fq-rate` was changed from a uint to a uint64 to allow pacing above 32G. Not yet tested on big-endian systems * Build with OpenSSL for key based authentication support ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-296=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 ppc64le s390x x86_64) * libiperf0-debuginfo-3.18-1.1 * iperf-debugsource-3.18-1.1 * libiperf0-3.18-1.1 * iperf-debuginfo-3.18-1.1 * iperf-3.18-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-53580.html * https://bugzilla.suse.com/show_bug.cgi?id=1234705 . Mitigate the JSON security flaw in iperf with this crucial SUSE update. Ensure system reliability and performance improvements.. iperf update,SUSE patch,security flaw resolution,network performance fix,SUSE Linux Micro. . LinuxSecurity.com Team

Calendar%202 Feb 13, 2026 SuSE
202

openSUSE MicroPython Minor Crash Warning for version 2026-20199-2

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for micropython ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20199-1 Rating: low References: * bsc#1257803 Cross-References: * CVE-2026-1998 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for micropython fixes the following issues: Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803). - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-122=1 Package List: - openSUSE Leap 16.0: micropython-1.26.1-bp160.1.1 mpremote-1.26.1-bp160.1.1 mpy-tools-1.26.1-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-1998.html . Install the latest openSUSE micropython update to resolve a segmentation fault issue and improve stability for users.. openSUSE, Micropython, Patch Update. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Feb 12, 2026 Low OpenSUSE
197

Debian 11: DLA-4443-1 DCMTK Important MemCorruption SegFault CVE-2025-14607

Two vulnerabilities have been addressed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images. CVE-2025-14607 Possible memory corruption caused by illegal attributes in datasets which. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4443-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : dcmtk Version : 3.6.5-1+deb11u6 CVE ID : CVE-2025-14607 CVE-2025-14841 Debian Bug : 1122926 1123584 Two vulnerabilities have been addressed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images. CVE-2025-14607 Possible memory corruption caused by illegal attributes in datasets which are processed by DcmByteString functions. CVE-2025-14841 Invalid messages sent to dcmqrscp, the Image Central Test Node, may trigger a segmentation fault due to a NULL pointer being de-referenced. For Debian 11 bullseye, these problems have been fixed in version 3.6.5-1+deb11u6. We recommend that you upgrade your dcmtk packages. For the detailed security status of dcmtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dcmtk Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Two vulnerabilities in DCMTK affect medical image processing; upgrades are necessary to mitigate security risks.. DCMTK Security Update, Debian LTS, Memory Corruption, Segmentation Fault. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 19, 2026 Important Debian LTS
202

openSUSE: dcmtk Moderate Memory Issues Segmentation Faults 2026:0005-1

An update that solves two vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for dcmtk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0005-1 Rating: moderate References: #1254123 #1255292 #1255464 Cross-References: CVE-2025-14607 CVE-2025-14841 Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for dcmtk fixes the following issues: - Update to 3.7.0. See docs/CHANGES.370 for the full list of changes * CVE-2025-14841: invalid messages may trigger a segmentation fault due to a NULL pointer dereference (boo#1255292). * CVE-2025-14607: manipulation to component dcmdata could lead to memory corruption (boo#1255464). - Avoid unnecessary dependencies (boo#1254123): Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-5=1 - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-5=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): dcmtk-3.7.0-bp157.3.6.1 dcmtk-debuginfo-3.7.0-bp157.3.6.1 dcmtk-debugsource-3.7.0-bp157.3.6.1 dcmtk-devel-3.7.0-bp157.3.6.1 libdcmtk20-3.7.0-bp157.3.6.1 libdcmtk20-debuginfo-3.7.0-bp157.3.6.1 - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): dcmtk-3.7.0-bp156.4.15.1 dcmtk-devel-3.7.0-bp156.4.15.1 libdcmtk20-3.7.0-bp156.4.15.1 References: https://www.suse.com/security/cve/CVE-2025-14607.html https://www.suse.com/security/cve/CVE-2025-14841.html https://bugzilla.suse.com/1254123 https://bugzilla.suse.com/1255292 https://bugzilla.suse.com/1255464 . An openSUSE Security Update for dcmtk addressing two vulnerabilities that could lead to memory issues and crashes.. openSUSE Security,dcmtool update,moderate risk,backports SLE. . LinuxSecurity.com Team

Calendar%202 Jan 09, 2026 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200