Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
202
security advisorycriticalOpenSUSEopenSUSE go1.25 Critical Security Patch CVE-2025-61732 CVE-2025-68121
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for go1.25 Announcement ID: SUSE-SU-2026:0427-1 Release Date: 2026-02-11T08:32:27Z Rating: critical References: * bsc#1244485 * bsc#1256818 * bsc#1257692 Cross-References: * CVE-2025-61732 * CVE-2025-68121 CVSS scores: * CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-68121 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: * CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). * CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other updates and bugfixes: * version update to 1.25.7: * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-427=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-427=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-427=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-427=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-427=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-427=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-427=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-427=1 * SUSELinux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-427=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-427=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-427=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-427=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise Server 15 SP4 LTSS(aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.25-race-1.25.7-150000.1.29.1 * go1.25-1.25.7-150000.1.29.1 * go1.25-doc-1.25.7-150000.1.29.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61732.html * https://www.suse.com/security/cve/CVE-2025-68121.html * https://bugzilla.suse.com/show_bug.cgi?id=1244485 * https://bugzilla.suse.com/show_bug.cgi?id=1256818 * https://bugzilla.suse.com/show_bug.cgi?id=1257692 . Install the latest critical update for go1.25 in openSUSE addressing two security issues to enhance protection.. openSUSE security update, go1.25 critical patch, security issues, SUSE vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Feb 11, 2026
•Critical
OpenSUSE
89
security advisoryfedoracriticalFedora 43: Critical Issue in RNP Session Key Decryption Found
Version 0.18.1 Security Fixed critical issue where PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only (CVE-2025-13470, CVE-2025-13402). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a96ccc98ca 2025-11-29 16:43:28.332695+00:00 -------------------------------------------------------------------------------- Name : rnp Product : Fedora 43 Version : 0.18.1 Release : 1.fc43 URL : https://github.com/rnpgp/rnp Summary : OpenPGP (RFC4880) tools Description : RNP is a set of OpenPGP (RFC4880) tools. -------------------------------------------------------------------------------- Update Information: Version 0.18.1 Security Fixed critical issue where PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only (CVE-2025-13470, CVE-2025-13402) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2025 Remi Collet - 0.18.1-1 - update to 0.18.1 for CVE-2025-13402 - disable gpg check reported as https://github.com/rnpgp/rnp/issues/2375 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2415870 - CVE-2025-13402 rnp: RNP PKESK Session Keys Generated as All\u2011Zero [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2415870 [ 2 ] Bug #2417035 - CVE-2025-13470 rnp: RNP: Confidentiality compromise due to uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2417035 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a96ccc98ca' at the command line. For more information, refer to the dnf documentationavailable at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical security fix in Fedora 43 rnp addresses key generation flaws allowing decryption of messages.. Fedora 43,rnp,security fix,PKESK,openpgp. . Severity: Critical. LinuxSecurity.com Team
Nov 29, 2025
•Critical
Fedora
89
security advisoryupdateFedoraFedora 42: 2025-853e37285c critical: flask session signing issue
Update to flask-3.1.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-853e37285c 2025-05-30 01:14:13.237014+00:00 -------------------------------------------------------------------------------- Name : mingw-python-flit-core Product : Fedora 42 Version : 3.12.0 Release : 1.fc42 URL : https://pypi.org/project/flit-core/ Summary : MinGW Python flit_core library Description : MinGW Python flit_core library. -------------------------------------------------------------------------------- Update Information: Update to flask-3.1.1. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 28 2025 Sandro Mani - 3.12.0-1 - Update to 3.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366239 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 30, 2025
•Critical
Fedora
203
security advisorysession keytls issueMageia 7: MGASA-2020-0268 Critical: GnuTLS Session Key Issue
Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application . MGASA-2020-0268 - Updated gnutls packages fix security vulnerability Publication date: 20 Jun 2020 URL: https://advisories.mageia.org/MGASA-2020-0268.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-13777 Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (CVE-2020-13777). References: - https://bugs.mageia.org/show_bug.cgi?id=26749 - https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 - https://www.cve.org/CVERecord?id=CVE-2020-13777 SRPMS: - 7/core/gnutls-3.6.14-1.mga7 . OpenSSL patch resolves an SSL/TLS protocol vulnerability which leads to a session key issue. This could enable MitM (Man in the Middle) exploitation.. gnutls, session key, Mageia security advisory. . Severity: Critical. LinuxSecurity.com Team
Jun 20, 2020
•Critical
Mageia
89
security advisoryfedorasoftware patchFedora 26: libICE Update Moderate: Session Key Weakness Fix
Security fix for CVE-2017-2626. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-7ac378e011 2017-04-01 16:46:19.651086 -------------------------------------------------------------------------------- Name : libICE Product : Fedora 26 Version : 1.0.9 Release : 8.fc26 URL : https://www.x.org/wiki/ Summary : X.Org X11 ICE runtime library Description : The X.Org X11 ICE (Inter-Client Exchange) runtime library. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-2626 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427715 - CVE-2017-2626 libICE: weak entropy usage in session keys [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427715 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libICE' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Apr 01, 2017
•Important
Fedora
89
security advisorysecurity issueFedoraFedora 26: Security Advisory for libXdmcp Update on Session Key Entropy
Security fix for CVE-2017-2625. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-09f65e5e00 2017-04-01 16:46:19.651051 -------------------------------------------------------------------------------- Name : libXdmcp Product : Fedora 26 Version : 1.1.2 Release : 5.fc26 URL : https://www.x.org/wiki/ Summary : X Display Manager Control Protocol library Description : X Display Manager Control Protocol library. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-2625 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427716 - CVE-2017-2625 libXdmcp: weak entropy usage for session keys [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427716 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libXdmcp' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Apr 01, 2017
•Important
Fedora
89
security advisoryfedoracriticalFedora 24: Security Advisory for libXdmcp Critical Session Key Issue
Security fix for CVE-2017-2625. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-bcb1999e65 2017-03-05 17:28:15.511158 -------------------------------------------------------------------------------- Name : libXdmcp Product : Fedora 24 Version : 1.1.2 Release : 5.fc24 URL : https://www.x.org/wiki/ Summary : X Display Manager Control Protocol library Description : X Display Manager Control Protocol library. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-2625 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427716 - CVE-2017-2625 libXdmcp: weak entropy usage for session keys [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427716 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libXdmcp' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Mar 05, 2017
•Critical
Fedora
89
security advisoryFedorasession keyFedora 25: Essential Security Patch for libICE CVE-2017-2626 - Entropy Flaw
Security fix for CVE-2017-2626. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-c02eb668a7 2017-03-03 17:05:44.333653 -------------------------------------------------------------------------------- Name : libICE Product : Fedora 25 Version : 1.0.9 Release : 8.fc25 URL : https://www.x.org/wiki/ Summary : X.Org X11 ICE runtime library Description : The X.Org X11 ICE (Inter-Client Exchange) runtime library. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-2626 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427715 - CVE-2017-2626 libICE: weak entropy usage in session keys [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427715 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libICE' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Mar 03, 2017
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!