Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability and contains one feature can now be installed.. # Security update for wicked Announcement ID: SUSE-SU-2026:2353-1 Release Date: 2026-06-10T14:55:06Z Rating: important References: * bsc#1265221 * jsc#PED-1942 Cross-References: * CVE-2026-44932 CVSS scores: * CVE-2026-44932 ( SUSE ): 5.8 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H * CVE-2026-44932 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for wicked fixes the following issues: * CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options (bsc#1265221). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-2353=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2353=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2353=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2353=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2353=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP5-2026-2353=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * wicked-debugsource-0.6.79-150500.3.42.1 * wicked-nbft-0.6.79-150500.3.42.1 * wicked-0.6.79-150500.3.42.1 * wicked-debuginfo-0.6.79-150500.3.42.1 * wicked-service-0.6.79-150500.3.42.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * wicked-0.6.79-150500.3.42.1 * wicked-service-0.6.79-150500.3.42.1 * wicked-debugsource-0.6.79-150500.3.42.1 * wicked-debuginfo-0.6.79-150500.3.42.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * wicked-debugsource-0.6.79-150500.3.42.1 * wicked-nbft-0.6.79-150500.3.42.1 * wicked-0.6.79-150500.3.42.1 * wicked-debuginfo-0.6.79-150500.3.42.1 * wicked-service-0.6.79-150500.3.42.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * wicked-debugsource-0.6.79-150500.3.42.1 * wicked-nbft-0.6.79-150500.3.42.1 * wicked-0.6.79-150500.3.42.1 * wicked-debuginfo-0.6.79-150500.3.42.1 * wicked-service-0.6.79-150500.3.42.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * wicked-debugsource-0.6.79-150500.3.42.1 * wicked-nbft-0.6.79-150500.3.42.1 * wicked-0.6.79-150500.3.42.1 * wicked-debuginfo-0.6.79-150500.3.42.1 * wicked-service-0.6.79-150500.3.42.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * wicked-debugsource-0.6.79-150500.3.42.1 * wicked-nbft-0.6.79-150500.3.42.1 * wicked-0.6.79-150500.3.42.1 * wicked-debuginfo-0.6.79-150500.3.42.1 * wicked-service-0.6.79-150500.3.42.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44932.html * https://bugzilla.suse.com/show_bug.cgi?id=1265221 * https://jira.suse.com/browse/PED-1942 . An important security update for wicked addresses a remote command injection flaw. Install to enhance system safety.. SUSE Wicked Update, Remote Command Injection,OpenSUSE Security. . Severity: Important. LinuxSecurity.com Team
A vulnerability has been discovered in YAML-LibYAML, which can lead to shell injection.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202506-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: YAML-LibYAML: Shell injection Date: June 12, 2025 Bugs: #949498 ID: 202506-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in YAML-LibYAML, which can lead to shell injection. Background ========== YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Affected packages ================= Package Vulnerable Unaffected --------------------- ------------ ------------ dev-perl/YAML-LibYAML < 0.903.0 > = 0.903.0 Description =========== YAML-LibYAML uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames. Impact ====== Shell injection may be used to execute arbitrary code using a malicious filename. Workaround ========== There is no known workaround at this time. Resolution ========== All YAML-LibYAML users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-perl/YAML-LibYAML-0.903.0" References ========== [ 1 ] CVE-2025-40908 https://nvd.nist.gov/vuln/detail/CVE-2025-40908 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202506-11 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
A vulnerability has been discovered in File-Find-Rule, which can lead to shell injection.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202506-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: File-Find-Rule: Shell Injection Date: June 12, 2025 Bugs: #957182 ID: 202506-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in File-Find-Rule, which can lead to shell injection. Background ========== File-Find-Rule is an alternative interface to File::Find. Affected packages ================= Package Vulnerable Unaffected ----------------------- ------------ ------------ dev-perl/File-Find-Rule < 0.350.0 > = 0.350.0 Description =========== File-Find-Rule uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames. Impact ====== Shell injection may be used to execute arbitrary code using a malicious filename. Workaround ========== There is no known workaround at this time. Resolution ========== All File-Find-Rule users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-perl/File-Find-Rule-0.350.0" References ========== [ 1 ] CVE-2011-10007 https://nvd.nist.gov/vuln/detail/CVE-2011-10007 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202506-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-2130 http://linux.oracle.com/errata/ELSA-2025-2130.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: emacs-24.3-23.0.1.el7_9.1.x86_64.rpm emacs-common-24.3-23.0.1.el7_9.1.x86_64.rpm emacs-el-24.3-23.0.1.el7_9.1.noarch.rpm emacs-filesystem-24.3-23.0.1.el7_9.1.noarch.rpm emacs-nox-24.3-23.0.1.el7_9.1.x86_64.rpm emacs-terminal-24.3-23.0.1.el7_9.1.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//emacs-24.3-23.0.1.el7_9.1.src.rpm Related CVEs: CVE-2025-1244 Description of changes: [1:24.3-23.0.1.1] - Fix CVE-2025-1244 man.el shell injection vulnerability [Orabug: 37658579] _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-1917 http://linux.oracle.com/errata/ELSA-2025-1917.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: emacs-26.1-13.el8_10.x86_64.rpm emacs-common-26.1-13.el8_10.x86_64.rpm emacs-filesystem-26.1-13.el8_10.noarch.rpm emacs-lucid-26.1-13.el8_10.x86_64.rpm emacs-nox-26.1-13.el8_10.x86_64.rpm emacs-terminal-26.1-13.el8_10.noarch.rpm aarch64: emacs-26.1-13.el8_10.aarch64.rpm emacs-common-26.1-13.el8_10.aarch64.rpm emacs-filesystem-26.1-13.el8_10.noarch.rpm emacs-lucid-26.1-13.el8_10.aarch64.rpm emacs-nox-26.1-13.el8_10.aarch64.rpm emacs-terminal-26.1-13.el8_10.noarch.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates//emacs-26.1-13.el8_10.src.rpm Related CVEs: CVE-2025-1244 Description of changes: [1:26.1-13] - Fix man.el shell injection vulnerability (RHEL-79016) _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-1915 http://linux.oracle.com/errata/ELSA-2025-1915.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: emacs-27.2-11.el9_5.1.x86_64.rpm emacs-common-27.2-11.el9_5.1.x86_64.rpm emacs-filesystem-27.2-11.el9_5.1.noarch.rpm emacs-lucid-27.2-11.el9_5.1.x86_64.rpm emacs-nox-27.2-11.el9_5.1.x86_64.rpm aarch64: emacs-27.2-11.el9_5.1.aarch64.rpm emacs-common-27.2-11.el9_5.1.aarch64.rpm emacs-filesystem-27.2-11.el9_5.1.noarch.rpm emacs-lucid-27.2-11.el9_5.1.aarch64.rpm emacs-nox-27.2-11.el9_5.1.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//emacs-27.2-11.el9_5.1.src.rpm Related CVEs: CVE-2025-1244 Description of changes: [1:27.2-11.1] - Eliminate use of obsolete patch syntax (RHEL-80443) [1:27.2-11] - Fix man.el shell injection vulnerability (RHEL-79025) _______________________________________________ El-errata mailing list
New emacs packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] emacs (SSA:2025-057-01) New emacs packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/emacs-30.1-i586-1_slack15.0.txz: Upgraded. This update fixes two security issues: Fix shell injection vulnerability in man.el (CVE-2025-1244). New user option 'trusted-content' to allow potentially dangerous features. This option lists those files and directories whose content Emacs should consider as sufficiently trusted to run any part of the code contained therein even without any explicit user request. For example, Flymake's backend for Emacs Lisp consults this option and disables itself with an "untrusted content" warning if the file is not listed. Emacs Lisp authors should note that a major or minor mode must never set this option to the ':all' value. This option is used to fix CVE-2024-53920. Thanks to pbslxw for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2025-1244 https://www.cve.org/CVERecord?id=CVE-2024-53920 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/emacs-30.1-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/emacs-30.1-x86_64-1_slack15.0.txz Updated package for Slackware-current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/e/emacs-30.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/e/emacs-30.1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 7f9a4dee990732eaf086f6d90906a05a emacs-30.1-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 68c8414823407b3eb297ef3434e04674 emacs-30.1-x86_64-1_slack15.0.txz Slackware -current package: 30407fb50cf96c95b660e4aafcbbc909 e/emacs-30.1-i686-1.txz Slackware x86_64 -current package: 293c63e33dbaaf457c83545012a91ccb e/emacs-30.1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg emacs-30.1-i586-1_slack15.0.txz +-----+ . Recent updates to emacs packages for Slackware address major security vulnerabilities, significantly bolstering the safety and stability of the system.. Emacs Shell Injection, Slackware Security Update, Trusted Content, Security Patch. . Severity: Critical. LinuxSecurity.com Team
* bsc#1237091 Cross-References: * CVE-2025-1244 . # Security update for emacs Announcement ID: SUSE-SU-2025:0589-1 Release Date: 2025-02-19T10:31:31Z Rating: important References: * bsc#1237091 Cross-References: * CVE-2025-1244 CVSS scores: * CVE-2025-1244 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1244 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for emacs fixes the following issues: * CVE-2025-1244: improper handling of custom "man" URI schemes allow for shell command injections. (bsc#1237091) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-589=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-589=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-589=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-589=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * etags-debuginfo-25.3-150000.3.25.3 * emacs-debugsource-25.3-150000.3.25.3 * emacs-x11-debuginfo-25.3-150000.3.25.3 *emacs-nox-debuginfo-25.3-150000.3.25.3 * emacs-nox-25.3-150000.3.25.3 * emacs-25.3-150000.3.25.3 * etags-25.3-150000.3.25.3 * emacs-debuginfo-25.3-150000.3.25.3 * emacs-x11-25.3-150000.3.25.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * emacs-info-25.3-150000.3.25.3 * emacs-el-25.3-150000.3.25.3 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * etags-debuginfo-25.3-150000.3.25.3 * emacs-debugsource-25.3-150000.3.25.3 * emacs-x11-debuginfo-25.3-150000.3.25.3 * emacs-nox-debuginfo-25.3-150000.3.25.3 * emacs-nox-25.3-150000.3.25.3 * emacs-25.3-150000.3.25.3 * etags-25.3-150000.3.25.3 * emacs-debuginfo-25.3-150000.3.25.3 * emacs-x11-25.3-150000.3.25.3 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * emacs-info-25.3-150000.3.25.3 * emacs-el-25.3-150000.3.25.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * etags-debuginfo-25.3-150000.3.25.3 * emacs-debugsource-25.3-150000.3.25.3 * emacs-x11-debuginfo-25.3-150000.3.25.3 * emacs-nox-debuginfo-25.3-150000.3.25.3 * emacs-nox-25.3-150000.3.25.3 * emacs-25.3-150000.3.25.3 * etags-25.3-150000.3.25.3 * emacs-debuginfo-25.3-150000.3.25.3 * emacs-x11-25.3-150000.3.25.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * emacs-info-25.3-150000.3.25.3 * emacs-el-25.3-150000.3.25.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * etags-debuginfo-25.3-150000.3.25.3 * emacs-debugsource-25.3-150000.3.25.3 * emacs-x11-debuginfo-25.3-150000.3.25.3 * emacs-nox-debuginfo-25.3-150000.3.25.3 * emacs-nox-25.3-150000.3.25.3 * emacs-25.3-150000.3.25.3 * etags-25.3-150000.3.25.3 * emacs-debuginfo-25.3-150000.3.25.3 * emacs-x11-25.3-150000.3.25.3 * SUSE Enterprise Storage 7.1 (noarch) * emacs-info-25.3-150000.3.25.3 * emacs-el-25.3-150000.3.25.3 ## References: *https://www.suse.com/security/cve/CVE-2025-1244.html * https://bugzilla.suse.com/show_bug.cgi?id=1237091 . Crucial patch released addressing vulnerabilities related to shell command injections in Emacs. Recommended installation through SUSE's standard procedures.. Emacs Security, SUSE Updates, Shell Injection Fix, Software Patches. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.