Explore top 10 tips to secure your open-source projects now. Read More
×
A regression has been discovered in the latest release of openvpn 2.5.1-3+deb11u3. The fix adressing CVE-2026-40215 contained a bug which could lead to segmentation faults. Furthermore, the function backported for the fix has recently been disovered to be vulnerable to CVE-2026- 12996.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4653-2
Security update. Publication date: 04 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0038.html Type: bugfix Affected Mageia releases: 10 Description: Update php-mailparse to the latest version. This release fixes a segmentation fault References: - https://bugs.mageia.org/show_bug.cgi?id=35674 - https://pecl.php.net/package-changelog.php?package=mailparse&release=3.2.0 SRPMS: - 10/core/php8.5-mailparse-3.2.0-1.mga10 - 10/core/php8.4-mailparse-3.2.0-1.mga10 . Update for Mageia addresses segmentation fault in php-mailparse, enhancing system stability and performance.. Mageia php8 update, php-mailparse security fix, Mageia 10 patch. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for avahi Announcement ID: SUSE-SU-2026:1441-1 Release Date: 2026-04-17T14:18:38Z Rating: moderate References: * bsc#1257235 Cross-References: * CVE-2026-24401 CVSS scores: * CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for avahi fixes the following issue: * CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1441=1 openSUSE-SLE-15.6-2026-1441=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1441=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1441=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1441=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libavahi-glib-devel-0.8-150600.15.15.1 * avahi-qt5-debugsource-0.8-150600.15.15.1 * libavahi-common3-debuginfo-0.8-150600.15.15.1 *libavahi-glib1-debuginfo-0.8-150600.15.15.1 * python3-avahi-gtk-0.8-150600.15.15.1 * avahi-0.8-150600.15.15.1 * libdns_sd-0.8-150600.15.15.1 * avahi-utils-debuginfo-0.8-150600.15.15.1 * libavahi-qt5-1-0.8-150600.15.15.1 * libavahi-libevent1-debuginfo-0.8-150600.15.15.1 * avahi-utils-gtk-0.8-150600.15.15.1 * avahi-debugsource-0.8-150600.15.15.1 * libavahi-gobject0-0.8-150600.15.15.1 * avahi-compat-howl-devel-0.8-150600.15.15.1 * libhowl0-0.8-150600.15.15.1 * avahi-autoipd-0.8-150600.15.15.1 * python3-avahi-0.8-150600.15.15.1 * libavahi-libevent1-0.8-150600.15.15.1 * libavahi-qt5-1-debuginfo-0.8-150600.15.15.1 * libavahi-qt5-devel-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-0.8-150600.15.15.1 * libavahi-common3-0.8-150600.15.15.1 * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1 * libavahi-client3-0.8-150600.15.15.1 * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1 * avahi-utils-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1 * avahi-autoipd-debuginfo-0.8-150600.15.15.1 * libdns_sd-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-0.8-150600.15.15.1 * libavahi-gobject0-debuginfo-0.8-150600.15.15.1 * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1 * libavahi-core7-0.8-150600.15.15.1 * avahi-glib2-debugsource-0.8-150600.15.15.1 * libavahi-core7-debuginfo-0.8-150600.15.15.1 * libavahi-client3-debuginfo-0.8-150600.15.15.1 * libavahi-devel-0.8-150600.15.15.1 * libavahi-gobject-devel-0.8-150600.15.15.1 * libhowl0-debuginfo-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 * openSUSE Leap 15.6 (x86_64) * libavahi-glib1-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-0.8-150600.15.15.1 * avahi-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-32bit-0.8-150600.15.15.1 * libdns_sd-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-32bit-0.8-150600.15.15.1 * libdns_sd-32bit-0.8-150600.15.15.1 * openSUSE Leap 15.6 (noarch) * avahi-lang-0.8-150600.15.15.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libavahi-glib1-64bit-0.8-150600.15.15.1 * avahi-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-64bit-0.8-150600.15.15.1 * libdns_sd-64bit-0.8-150600.15.15.1 * libdns_sd-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-64bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-64bit-0.8-150600.15.15.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libavahi-glib-devel-0.8-150600.15.15.1 * libavahi-common3-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-debuginfo-0.8-150600.15.15.1 * avahi-0.8-150600.15.15.1 * libdns_sd-0.8-150600.15.15.1 * avahi-utils-debuginfo-0.8-150600.15.15.1 * libavahi-libevent1-debuginfo-0.8-150600.15.15.1 * libavahi-gobject0-0.8-150600.15.15.1 * avahi-debugsource-0.8-150600.15.15.1 * avahi-compat-howl-devel-0.8-150600.15.15.1 * libhowl0-0.8-150600.15.15.1 * libavahi-libevent1-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-0.8-150600.15.15.1 * libavahi-common3-0.8-150600.15.15.1 * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1 * libavahi-client3-0.8-150600.15.15.1 * avahi-utils-0.8-150600.15.15.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1 * libdns_sd-debuginfo-0.8-150600.15.15.1 * libavahi-glib1-0.8-150600.15.15.1 * libavahi-gobject0-debuginfo-0.8-150600.15.15.1 * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1 * libavahi-core7-0.8-150600.15.15.1 * avahi-glib2-debugsource-0.8-150600.15.15.1 * libavahi-core7-debuginfo-0.8-150600.15.15.1 * libavahi-client3-debuginfo-0.8-150600.15.15.1 * libavahi-devel-0.8-150600.15.15.1 * libhowl0-debuginfo-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 * Basesystem Module 15-SP7 (noarch) * avahi-lang-0.8-150600.15.15.1 * Basesystem Module 15-SP7 (x86_64) * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-client3-32bit-0.8-150600.15.15.1 * avahi-32bit-debuginfo-0.8-150600.15.15.1 * libavahi-common3-32bit-0.8-150600.15.15.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * avahi-glib2-debugsource-0.8-150600.15.15.1 * avahi-autoipd-0.8-150600.15.15.1 * libavahi-gobject-devel-0.8-150600.15.15.1 * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 * avahi-autoipd-debuginfo-0.8-150600.15.15.1 * avahi-utils-gtk-0.8-150600.15.15.1 * avahi-debugsource-0.8-150600.15.15.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * avahi-debugsource-0.8-150600.15.15.1 * python3-avahi-0.8-150600.15.15.1 * avahi-debuginfo-0.8-150600.15.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24401.html * https://bugzilla.suse.com/show_bug.cgi?id=1257235 . Update for avahi resolves a moderate issue with potential remote access crashes via unsolicited responses.. SUSE, Avahi, Security Update, Remote Access, CVE-2026-24401. . LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for micropython ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0050-1 Rating: low References: #1257803 Cross-References: CVE-2025-59438 CVE-2026-1998 CVSS scores: CVE-2025-59438 (SUSE): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for micropython fixes the following issues: - CVE-2026-1998: Fixed a segmentation fault in 'mp_map_lookup' via 'mp_import_all' (boo#1257803) - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 - Version 1.26.0 * Added machine.I2CTarget for creating I2C target devices on multiple ports. * New MCU support: STM32N6xx (800 MHz, ML accel) and ESP32-C2 (WiFi + BLE). * Major float accuracy boost (~28% ~98%), constant folding in compiler. * Optimized native/Viper emitters; reduced heap use for slices. * Time functions standardized (1970 2099); new boards across ESP32, SAMD, STM32, Zephyr. * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY. * RP2: compressed errors, better lightsleep, hardIRQ timers. * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support. * mpremote adds fs tree, improved df, portable config paths. * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-50=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 x86_64): micropython-1.26.1-bp157.5.1 mpy-tools-1.26.1-bp157.5.1 - openSUSE Backports SLE-15-SP7 (noarch): mpremote-1.26.1-bp157.5.1 References: https://www.suse.com/security/cve/CVE-2025-59438.html https://www.suse.com/security/cve/CVE-2026-1998.html https://bugzilla.suse.com/1257803 . Update for micropython resolves two identified issues in openSUSE 15, advising installation of security patches.. openSUSE micropython update low severity security patch CVE-2025-59438. . Severity: Low. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20295-1 Release Date: 2025-04-22T14:08:15Z Rating: moderate References: * bsc#1234705 Cross-References: * CVE-2024-53580 CVSS scores: * CVE-2024-53580 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for iperf fixes the following issues: Update to 3.18 (bsc#1234705, CVE-2024-53580): * SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. (CVE-2024-53580) This has now been fixed. (PR#1810) * UDP packets per second now reports the correct number of packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR errno if no data was sent (#1367/PR#1379). * Several segmentation faults related to threading were fixed. One where `pthread_cancel` was called on an improperly initialized thread (#1801), another where threads were being recycled (#1760/PR#1761), and another where threads were improperly handling signals (#1750/PR#1752). * A segmentation fault from calling `freeaddrinfo` with `NULL` was fixed (PR#1755). * Some JSON options were fixed, including checking the size for `json_read` (PR#1709), but the size limit was removed for received server output (PR#1779). * A rcv-timeout error has been fixed. The Nread timeout was hardcoded and timed out before the `--rcv-timeout` option * There is no longer a limit on the omit time period * Fixed an output crash under 32-bit big-endian systems * An issue was fixed where CPU utilization was unexpectedly highduring limited baud rate tests. The `--pacing-timer` option was removed, but it is still available in the library * Add SCTP information to `--json` output and fixed compile error when SCTP is not supported (#1731). * `--fq-rate` was changed from a uint to a uint64 to allow pacing above 32G. Not yet tested on big-endian systems * Build with OpenSSL for key based authentication support ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-296=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 ppc64le s390x x86_64) * libiperf0-debuginfo-3.18-1.1 * iperf-debugsource-3.18-1.1 * libiperf0-3.18-1.1 * iperf-debuginfo-3.18-1.1 * iperf-3.18-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-53580.html * https://bugzilla.suse.com/show_bug.cgi?id=1234705 . Mitigate the JSON security flaw in iperf with this crucial SUSE update. Ensure system reliability and performance improvements.. iperf update,SUSE patch,security flaw resolution,network performance fix,SUSE Linux Micro. . LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for micropython ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20199-1 Rating: low References: * bsc#1257803 Cross-References: * CVE-2026-1998 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for micropython fixes the following issues: Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803). - Version 1.26.1 * esp32: update esp_tinyusb component to v1.7.6 * tools: add an environment variable MICROPY_MAINTAINER_BUILD * esp32: add IDF Component Lockfiles to git repo * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev - Fix building on single core systems * Skip tests/thread/stress_schedule.py when single core system detected Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-122=1 Package List: - openSUSE Leap 16.0: micropython-1.26.1-bp160.1.1 mpremote-1.26.1-bp160.1.1 mpy-tools-1.26.1-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-1998.html . Install the latest openSUSE micropython update to resolve a segmentation fault issue and improve stability for users.. openSUSE, Micropython, Patch Update. . Severity: Low. LinuxSecurity.com Team
Two vulnerabilities have been addressed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images. CVE-2025-14607 Possible memory corruption caused by illegal attributes in datasets which. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4443-1
An update that solves two vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for dcmtk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0005-1 Rating: moderate References: #1254123 #1255292 #1255464 Cross-References: CVE-2025-14607 CVE-2025-14841 Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for dcmtk fixes the following issues: - Update to 3.7.0. See docs/CHANGES.370 for the full list of changes * CVE-2025-14841: invalid messages may trigger a segmentation fault due to a NULL pointer dereference (boo#1255292). * CVE-2025-14607: manipulation to component dcmdata could lead to memory corruption (boo#1255464). - Avoid unnecessary dependencies (boo#1254123): Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-5=1 - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-5=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): dcmtk-3.7.0-bp157.3.6.1 dcmtk-debuginfo-3.7.0-bp157.3.6.1 dcmtk-debugsource-3.7.0-bp157.3.6.1 dcmtk-devel-3.7.0-bp157.3.6.1 libdcmtk20-3.7.0-bp157.3.6.1 libdcmtk20-debuginfo-3.7.0-bp157.3.6.1 - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): dcmtk-3.7.0-bp156.4.15.1 dcmtk-devel-3.7.0-bp156.4.15.1 libdcmtk20-3.7.0-bp156.4.15.1 References: https://www.suse.com/security/cve/CVE-2025-14607.html https://www.suse.com/security/cve/CVE-2025-14841.html https://bugzilla.suse.com/1254123 https://bugzilla.suse.com/1255292 https://bugzilla.suse.com/1255464 . An openSUSE Security Update for dcmtk addressing two vulnerabilities that could lead to memory issues and crashes.. openSUSE Security,dcmtool update,moderate risk,backports SLE. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.