Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 264 articles for you...
100

SUSE Apache2 Important Security Issues Addressed 2026-2759-1

An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2759-1 Release Date: 2026-07-06T02:04:25Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2759=1 * Basesystem Module15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2759=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2759=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-prefork-2.4.66-150700.4.23.1 * apache2-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debugsource-2.4.66-150700.4.23.1 * apache2-2.4.66-150700.4.23.1 * apache2-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-2.4.66-150700.4.23.1 * apache2-worker-debugsource-2.4.66-150700.4.23.1 * apache2-devel-2.4.66-150700.4.23.1 * apache2-utils-2.4.66-150700.4.23.1 * apache2-utils-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (noarch) * apache2-manual-2.4.66-150700.4.23.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-event-debugsource-2.4.66-150700.4.23.1 * apache2-event-2.4.66-150700.4.23.1 * apache2-event-debuginfo-2.4.66-150700.4.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html *https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . This SUSE security update addresses 13 important vulnerabilities in Apache2, enhancing system protection and integrity.. SUSE security Apache2 vulnerabilities update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Important SuSE
89

Fedora 43 7zip Critical Bugs Vulnerability Advisory 2026-7eaa63bea6

7-zip 26.02 Some bugs and vulnerabilities were fixed.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7eaa63bea6 2026-07-04 01:06:18.979289+00:00 -------------------------------------------------------------------------------- Name : 7zip Product : Fedora 43 Version : 26.02 Release : 1.fc43 URL : https://7-zip.org Summary : A file archiver Description : 7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: * High compression ratio in 7z format with LZMA and LZMA2 compression * Supported formats: * Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM * Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR and Z. * For ZIP and GZIP formats, 7-Zip provides a compression ratio that is 2-10 % better than the ratio provided by PKZip and WinZip * Strong AES-256 encryption in 7z and ZIP formats * Powerful command line version -------------------------------------------------------------------------------- Update Information: 7-zip 26.02 Some bugs and vulnerabilities were fixed. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Michel Lind - 26.02-1 - Update to version 26.02; Resolves: rhbz#2493347 * Wed Jul 1 2026 Michel Lind - 26.01-2 - Load 7z.so from a fixed libexec path instead of deriving it from argv[0] - Resolves: rhbz#2491337 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2491337 - 7-zip under the root account cannot extract RAR archives https://bugzilla.redhat.com/show_bug.cgi?id=2491337 [ 2 ] Bug #2493347 - 7zip-26.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=2493347 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7eaa63bea6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . 7-zip 26.02 fixes important bugs and vulnerabilities in Fedora 43, enhancing security and performance. Upgrade now!. Fedora updates 7zip file archiver security fix bugs vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Fedora
100

SUSE ldns Important Security Fix for CVE-2026-10846 2026-22167-1

An update that solves one vulnerability can now be installed.. # Security update for ldns Announcement ID: SUSE-SU-2026:22167-1 Release Date: 2026-06-18T21:04:53Z Rating: important References: * bsc#1267670 Cross-References: * CVE-2026-10846 CVSS scores: * CVE-2026-10846 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-10846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-10846 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-10846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for ldns fixes the following issue * CVE-2026-10846: when ldns is used by applications for (stub) resolving, it does not sufficiently verify that received responses belong to a sent query (bsc#1267670). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-958=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-958=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * perl-DNS-LDNS-debuginfo-1.8.4-160000.3.1 * libldns3-debuginfo-1.8.4-160000.3.1 * ldns-debuginfo-1.8.4-160000.3.1 * ldns-debugsource-1.8.4-160000.3.1 * ldns-1.8.4-160000.3.1 * python3-ldns-1.8.4-160000.3.1 * perl-DNS-LDNS-1.8.4-160000.3.1 * libldns3-1.8.4-160000.3.1 * python3-ldns-debuginfo-1.8.4-160000.3.1 *ldns-devel-1.8.4-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * perl-DNS-LDNS-debuginfo-1.8.4-160000.3.1 * libldns3-debuginfo-1.8.4-160000.3.1 * ldns-debuginfo-1.8.4-160000.3.1 * ldns-debugsource-1.8.4-160000.3.1 * ldns-1.8.4-160000.3.1 * python3-ldns-1.8.4-160000.3.1 * perl-DNS-LDNS-1.8.4-160000.3.1 * libldns3-1.8.4-160000.3.1 * python3-ldns-debuginfo-1.8.4-160000.3.1 * ldns-devel-1.8.4-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10846.html * https://bugzilla.suse.com/show_bug.cgi?id=1267670 . An important update for ldns resolves a security issue. Installation via SUSE recommended methods is advised.. SUSE security update, ldns patch, software vulnerability fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 23, 2026 Important SuSE
172

Ubuntu 24.04 8409-1 Uriparser Important Denial of Service

uriparser could be made to crash if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-8409-1 June 09, 2026 uriparser vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: uriparser could be made to crash if it received specially crafted input. Software Description: - uriparser: Strictly RFC 3986 compliant URI parsing library Details: It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS liburiparser1 0.9.7+dfsg-2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS liburiparser1 0.9.6+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS liburiparser1 0.9.3-2ubuntu0.1~esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS liburiparser1 0.8.4-1+deb9u2ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS liburiparser1 0.8.4-1ubuntu0.16.04.1~esm5 Available with Ubuntu Pro Ubuntu 14.04 LTS liburiparser1 0.7.5-1ubuntu2+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8409-1 CVE-2025-67899 . Emergency update for Ubuntu addressing a critical uriparser issue that could cause crashing and denial ofservice.. Ubuntu Security, Denial of Service, uriparser Issue, System Update, RFC Compliance. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 10, 2026 Important Ubuntu
202

openSUSE Tumbleweed ggml-devel Moderate Security Issue CVE-2026-21869

An update that solves one vulnerability can now be installed.. # ggml-devel-9500-1.1 on GA media Announcement ID: openSUSE-SU-2026:10961-1 Rating: moderate Cross-References: * CVE-2026-21869 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the ggml-devel-9500-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * ggml-devel 9500-1.1 * libggml-base0 9500-1.1 * libggml-cpu 9500-1.1 * libggml-opencl 9500-1.1 * libggml-vulkan 9500-1.1 * libggml0 9500-1.1 * libllama-common0 9500-1.1 * libllama0 9500-1.1 * libmtmd0 9500-1.1 * llamacpp 9500-1.1 * llamacpp-devel 9500-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21869.html . Discover updates addressing security in openSUSE Tumbleweed's ggml-devel package. Dive into the details now.. openSUSE Tumbleweed,general package updates,security issues,software vulnerabilities. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 09, 2026 moderate OpenSUSE
172

Ubuntu 25.10 24.04 LTS Kea DHCP Important Denial of Service USN-8403-1

Kea DHCP could be made to crash if it received specially crafted messages.. ========================================================================== Ubuntu Security Notice USN-8403-1 June 08, 2026 isc-kea vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Kea DHCP could be made to crash if it received specially crafted messages. Software Description: - isc-kea: Standards-based DHCP server Details: Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 kea-admin 2.6.3-2ubuntu0.1 kea-common 2.6.3-2ubuntu0.1 kea-dhcp-ddns-server 2.6.3-2ubuntu0.1 kea-dhcp4-server 2.6.3-2ubuntu0.1 kea-dhcp6-server 2.6.3-2ubuntu0.1 Ubuntu 24.04 LTS kea-admin 2.4.1-3ubuntu0.2 kea-common 2.4.1-3ubuntu0.2 kea-dhcp-ddns-server 2.4.1-3ubuntu0.2 kea-dhcp4-server 2.4.1-3ubuntu0.2 kea-dhcp6-server 2.4.1-3ubuntu0.2 After a standard system update you may need to restart Kea DHCP server instances to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8403-1 CVE-2026-3608 Package Information: https://launchpad.net/ubuntu/+source/isc-kea/2.6.3-2ubuntu0.1 https://launchpad.net/ubuntu/+source/isc-kea/2.4.1-3ubuntu0.2 . Kea DHCP has a significant issue where crafted messages can cause crashes, impacting service availability. Update recommended.. Kea DHCP Denial of Service, Ubuntu Security Notice, isc-kea vulnerability, Update Required, SoftwareIssue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important Ubuntu
202

openSUSE Python Pip Moderate Fix for Execution Risks CVE-2026-3219

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: * bsc#1262429 * bsc#1263442 Cross-References: * CVE-2026-1703 * CVE-2026-3219 * CVE-2026-6357 CVSS scores: * CVE-2026-1703 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-1703 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3219 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-3219 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6357 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2026-6357 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code (bsc#1262429). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation, resulting in potential arbitrary code execution (bsc#1263442). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-872=1 Package List: - openSUSE Leap 16.0: python313-pip-25.0.1-160000.4.1 python313-pip-wheel-25.0.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-1703.html * https://www.suse.com/security/cve/CVE-2026-3219.html *https://www.suse.com/security/cve/CVE-2026-6357.html . Update for python-pip on openSUSE addresses three issues, allowing installation of both security and bug fix patches.. openSUSE Update, Python Pip Security, Vulnerability Fixes, Software Patch Management, Open Source Security. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 moderate OpenSUSE
172

Ubuntu 26.04 FRR Significant Denial of Service Vulnerability USN-8376-1

Several security issues were fixed in FRR.. ========================================================================== Ubuntu Security Notice USN-8376-1 June 03, 2026 frr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in FRR. Software Description: - frr: FRRouting suite of internet protocols Details: It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-28532) It was discovered that FRR incorrectly handled certain BGP FlowSpec components. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-37457) It was discovered that FRR did not properly validate certain MP_REACH_NLRI messages. An authenticated user could possibly use this issue to cause FRR to crash, resulting in a denial of service. (CVE-2026-37458) It was discovered that FRR incorrectly handled processing certain BGP UPDATE messages. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-37459) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS frr 10.5.1-1ubuntu4.1 Ubuntu 25.10 frr 10.4.1-3ubuntu1.4 Ubuntu 24.04 LTS frr 8.4.4-1.1ubuntu6.7 Ubuntu 22.04 LTS frr 8.1-1ubuntu1.16 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8376-1 CVE-2026-28532, CVE-2026-37457, CVE-2026-37458, CVE-2026-37459 Package Information: https://launchpad.net/ubuntu/+source/frr/10.5.1-1ubuntu4.1 https://launchpad.net/ubuntu/+source/frr/10.4.1-3ubuntu1.4 https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu6.7 https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.16 . Critical updates for security issues in FRRouting (FRR) across multiple Ubuntu releases. Ensure your systems are protected!. FRRouting, Ubuntu security, denial of service, software update, security advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Important Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200