Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2759-1 Release Date: 2026-07-06T02:04:25Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2759=1 * Basesystem Module15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2759=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2759=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-prefork-2.4.66-150700.4.23.1 * apache2-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debugsource-2.4.66-150700.4.23.1 * apache2-2.4.66-150700.4.23.1 * apache2-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-2.4.66-150700.4.23.1 * apache2-worker-debugsource-2.4.66-150700.4.23.1 * apache2-devel-2.4.66-150700.4.23.1 * apache2-utils-2.4.66-150700.4.23.1 * apache2-utils-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (noarch) * apache2-manual-2.4.66-150700.4.23.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-event-debugsource-2.4.66-150700.4.23.1 * apache2-event-2.4.66-150700.4.23.1 * apache2-event-debuginfo-2.4.66-150700.4.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html *https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . This SUSE security update addresses 13 important vulnerabilities in Apache2, enhancing system protection and integrity.. SUSE security Apache2 vulnerabilities update. . Severity: Important. LinuxSecurity.com Team
7-zip 26.02 Some bugs and vulnerabilities were fixed.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7eaa63bea6 2026-07-04 01:06:18.979289+00:00 -------------------------------------------------------------------------------- Name : 7zip Product : Fedora 43 Version : 26.02 Release : 1.fc43 URL : https://7-zip.org Summary : A file archiver Description : 7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: * High compression ratio in 7z format with LZMA and LZMA2 compression * Supported formats: * Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM * Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR and Z. * For ZIP and GZIP formats, 7-Zip provides a compression ratio that is 2-10 % better than the ratio provided by PKZip and WinZip * Strong AES-256 encryption in 7z and ZIP formats * Powerful command line version -------------------------------------------------------------------------------- Update Information: 7-zip 26.02 Some bugs and vulnerabilities were fixed. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Michel Lind - 26.02-1 - Update to version 26.02; Resolves: rhbz#2493347 * Wed Jul 1 2026 Michel Lind - 26.01-2 - Load 7z.so from a fixed libexec path instead of deriving it from argv[0] - Resolves: rhbz#2491337 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2491337 - 7-zip under the root account cannot extract RAR archives https://bugzilla.redhat.com/show_bug.cgi?id=2491337 [ 2 ] Bug #2493347 - 7zip-26.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=2493347 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7eaa63bea6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # Security update for ldns Announcement ID: SUSE-SU-2026:22167-1 Release Date: 2026-06-18T21:04:53Z Rating: important References: * bsc#1267670 Cross-References: * CVE-2026-10846 CVSS scores: * CVE-2026-10846 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-10846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-10846 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for ldns fixes the following issue * CVE-2026-10846: when ldns is used by applications for (stub) resolving, it does not sufficiently verify that received responses belong to a sent query (bsc#1267670). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-958=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-958=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * perl-DNS-LDNS-debuginfo-1.8.4-160000.3.1 * libldns3-debuginfo-1.8.4-160000.3.1 * ldns-debuginfo-1.8.4-160000.3.1 * ldns-debugsource-1.8.4-160000.3.1 * ldns-1.8.4-160000.3.1 * python3-ldns-1.8.4-160000.3.1 * perl-DNS-LDNS-1.8.4-160000.3.1 * libldns3-1.8.4-160000.3.1 * python3-ldns-debuginfo-1.8.4-160000.3.1 *ldns-devel-1.8.4-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * perl-DNS-LDNS-debuginfo-1.8.4-160000.3.1 * libldns3-debuginfo-1.8.4-160000.3.1 * ldns-debuginfo-1.8.4-160000.3.1 * ldns-debugsource-1.8.4-160000.3.1 * ldns-1.8.4-160000.3.1 * python3-ldns-1.8.4-160000.3.1 * perl-DNS-LDNS-1.8.4-160000.3.1 * libldns3-1.8.4-160000.3.1 * python3-ldns-debuginfo-1.8.4-160000.3.1 * ldns-devel-1.8.4-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10846.html * https://bugzilla.suse.com/show_bug.cgi?id=1267670 . An important update for ldns resolves a security issue. Installation via SUSE recommended methods is advised.. SUSE security update, ldns patch, software vulnerability fix. . Severity: Important. LinuxSecurity.com Team
uriparser could be made to crash if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8409-1 June 09, 2026 uriparser vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: uriparser could be made to crash if it received specially crafted input. Software Description: - uriparser: Strictly RFC 3986 compliant URI parsing library Details: It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS liburiparser1 0.9.7+dfsg-2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS liburiparser1 0.9.6+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS liburiparser1 0.9.3-2ubuntu0.1~esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS liburiparser1 0.8.4-1+deb9u2ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS liburiparser1 0.8.4-1ubuntu0.16.04.1~esm5 Available with Ubuntu Pro Ubuntu 14.04 LTS liburiparser1 0.7.5-1ubuntu2+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8409-1 CVE-2025-67899 . Emergency update for Ubuntu addressing a critical uriparser issue that could cause crashing and denial ofservice.. Ubuntu Security, Denial of Service, uriparser Issue, System Update, RFC Compliance. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # ggml-devel-9500-1.1 on GA media Announcement ID: openSUSE-SU-2026:10961-1 Rating: moderate Cross-References: * CVE-2026-21869 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the ggml-devel-9500-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ggml-devel 9500-1.1 * libggml-base0 9500-1.1 * libggml-cpu 9500-1.1 * libggml-opencl 9500-1.1 * libggml-vulkan 9500-1.1 * libggml0 9500-1.1 * libllama-common0 9500-1.1 * libllama0 9500-1.1 * libmtmd0 9500-1.1 * llamacpp 9500-1.1 * llamacpp-devel 9500-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21869.html . Discover updates addressing security in openSUSE Tumbleweed's ggml-devel package. Dive into the details now.. openSUSE Tumbleweed,general package updates,security issues,software vulnerabilities. . Severity: moderate. LinuxSecurity.com Team
Kea DHCP could be made to crash if it received specially crafted messages.. ========================================================================== Ubuntu Security Notice USN-8403-1 June 08, 2026 isc-kea vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Kea DHCP could be made to crash if it received specially crafted messages. Software Description: - isc-kea: Standards-based DHCP server Details: Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 kea-admin 2.6.3-2ubuntu0.1 kea-common 2.6.3-2ubuntu0.1 kea-dhcp-ddns-server 2.6.3-2ubuntu0.1 kea-dhcp4-server 2.6.3-2ubuntu0.1 kea-dhcp6-server 2.6.3-2ubuntu0.1 Ubuntu 24.04 LTS kea-admin 2.4.1-3ubuntu0.2 kea-common 2.4.1-3ubuntu0.2 kea-dhcp-ddns-server 2.4.1-3ubuntu0.2 kea-dhcp4-server 2.4.1-3ubuntu0.2 kea-dhcp6-server 2.4.1-3ubuntu0.2 After a standard system update you may need to restart Kea DHCP server instances to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8403-1 CVE-2026-3608 Package Information: https://launchpad.net/ubuntu/+source/isc-kea/2.6.3-2ubuntu0.1 https://launchpad.net/ubuntu/+source/isc-kea/2.4.1-3ubuntu0.2 . Kea DHCP has a significant issue where crafted messages can cause crashes, impacting service availability. Update recommended.. Kea DHCP Denial of Service, Ubuntu Security Notice, isc-kea vulnerability, Update Required, SoftwareIssue. . Severity: Important. LinuxSecurity.com Team
An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: * bsc#1262429 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting in potential arbitrary code execution (bsc#1263442). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-872=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.4.1 python313-pip-wheel-25.0.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html *https://www.suse.com/security/cve/CVE-2026-6357.html . Update for python-pip on openSUSE addresses three issues, allowing installation of both security and bug fix patches.. openSUSE Update, Python Pip Security, Vulnerability Fixes, Software Patch Management, Open Source Security. . Severity: moderate. LinuxSecurity.com Team
Several security issues were fixed in FRR.. ========================================================================== Ubuntu Security Notice USN-8376-1 June 03, 2026 frr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in FRR. Software Description: - frr: FRRouting suite of internet protocols Details: It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-28532) It was discovered that FRR incorrectly handled certain BGP FlowSpec components. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-37457) It was discovered that FRR did not properly validate certain MP_REACH_NLRI messages. An authenticated user could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-37458) It was discovered that FRR incorrectly handled processing certain BGP UPDATE messages. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-37459) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS frr 10.5.1-1ubuntu4.1 Ubuntu 25.10 frr 10.4.1-3ubuntu1.4 Ubuntu 24.04 LTS frr 8.4.4-1.1ubuntu6.7 Ubuntu 22.04 LTS frr 8.1-1ubuntu1.16 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8376-1 CVE-2026-28532, CVE-2026-37457, CVE-2026-37458, CVE-2026-37459 Package Information: https://launchpad.net/ubuntu/+source/frr/10.5.1-1ubuntu4.1 https://launchpad.net/ubuntu/+source/frr/10.4.1-3ubuntu1.4 https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu6.7 https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.16 . Critical updates for security issues in FRRouting (FRR) across multiple Ubuntu releases. Ensure your systems are protected!. FRRouting, Ubuntu security, denial of service, software update, security advisory. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.