Explore top 10 tips to secure your open-source projects now. Read More
×
Update to latest upstream version.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8463c31b61 2026-06-06 01:10:36.431966+00:00 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 43 Version : 149.0.1 Release : 3.fc43 URL : http://www.mozilla.org/projects/thunderbird/ Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Jan Horak - 149.0.1-1 - Update to 149.0.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8463c31b61' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-8468 http://linux.oracle.com/errata/ELSA-2025-8468.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm nodejs-devel-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm nodejs-docs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-full-i18n-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm npm-10.8.2-1.20.19.2.1.module+el9.6.0+90603+e4b3d4d2.x86_64.rpm aarch64: nodejs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm nodejs-devel-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm nodejs-docs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-full-i18n-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.6.0+90603+e4b3d4d2.noarch.rpm npm-10.8.2-1.20.19.2.1.module+el9.6.0+90603+e4b3d4d2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//nodejs-20.19.2-1.module+el9.6.0+90603+e4b3d4d2.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.6.0+90603+e4b3d4d2.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.6.0+90603+e4b3d4d2.src.rpm Related CVEs: CVE-2025-23166 Description of changes: nodejs [1:20.19.2-1] - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging _______________________________________________ El-errata mailing list
twitter-bootstrap3 a popular front end framework was affected by a vulnerability. A cross-site scripting (XSS) vulnerability . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4204-1
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-7589 http://linux.oracle.com/errata/ELSA-2025-7589.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm dotnet-runtime-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-8.0.116-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.116-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-8.0-8.0.16-1.0.1.el8_10.x86_64.rpm dotnet-templates-8.0-8.0.116-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.116-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm dotnet-runtime-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-8.0.116-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.116-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-8.0-8.0.16-1.0.1.el8_10.aarch64.rpm dotnet-templates-8.0-8.0.116-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.116-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dotnet8.0-8.0.116-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-26646 Description of changes: [8.0.116-1.0.1] - Add support for Oracle Linux [8.0.116-1] - Update to .NET SDK 8.0.116 and Runtime 8.0.16 - Resolves: RHEL-89446 _______________________________________________ El-errata mailinglist
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-4488 http://linux.oracle.com/errata/ELSA-2025-4488.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ruby-3.1.7-146.module+el9.5.0+90564+273a1edd.i686.rpm ruby-3.1.7-146.module+el9.5.0+90564+273a1edd.x86_64.rpm ruby-bundled-gems-3.1.7-146.module+el9.5.0+90564+273a1edd.i686.rpm ruby-bundled-gems-3.1.7-146.module+el9.5.0+90564+273a1edd.x86_64.rpm ruby-default-gems-3.1.7-146.module+el9.5.0+90564+273a1edd.noarch.rpm ruby-devel-3.1.7-146.module+el9.5.0+90564+273a1edd.i686.rpm ruby-devel-3.1.7-146.module+el9.5.0+90564+273a1edd.x86_64.rpm ruby-doc-3.1.7-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-bigdecimal-3.1.1-146.module+el9.5.0+90564+273a1edd.i686.rpm rubygem-bigdecimal-3.1.1-146.module+el9.5.0+90564+273a1edd.x86_64.rpm rubygem-bundler-2.3.27-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-io-console-0.5.11-146.module+el9.5.0+90564+273a1edd.i686.rpm rubygem-io-console-0.5.11-146.module+el9.5.0+90564+273a1edd.x86_64.rpm rubygem-irb-1.4.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-json-2.6.1-146.module+el9.5.0+90564+273a1edd.i686.rpm rubygem-json-2.6.1-146.module+el9.5.0+90564+273a1edd.x86_64.rpm rubygem-minitest-5.15.0-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd.x86_64.rpm rubygem-mysql2-doc-0.5.4-1.module+el9.1.0+20815+286161bd.noarch.rpm rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd.x86_64.rpm rubygem-pg-doc-1.3.5-1.module+el9.1.0+20815+286161bd.noarch.rpm rubygem-power_assert-2.0.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-psych-4.0.4-146.module+el9.5.0+90564+273a1edd.i686.rpm rubygem-psych-4.0.4-146.module+el9.5.0+90564+273a1edd.x86_64.rpm rubygem-rake-13.0.6-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-rbs-2.7.0-146.module+el9.5.0+90564+273a1edd.i686.rpm rubygem-rbs-2.7.0-146.module+el9.5.0+90564+273a1edd.x86_64.rpm rubygem-rdoc-6.4.1.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-rexml-3.3.9-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-rss-0.3.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygems-3.3.27-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygems-devel-3.3.27-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-test-unit-3.5.3-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-typeprof-0.21.3-146.module+el9.5.0+90564+273a1edd.noarch.rpm ruby-libs-3.1.7-146.module+el9.5.0+90564+273a1edd.i686.rpm ruby-libs-3.1.7-146.module+el9.5.0+90564+273a1edd.x86_64.rpm aarch64: ruby-3.1.7-146.module+el9.5.0+90564+273a1edd.aarch64.rpm ruby-bundled-gems-3.1.7-146.module+el9.5.0+90564+273a1edd.aarch64.rpm ruby-default-gems-3.1.7-146.module+el9.5.0+90564+273a1edd.noarch.rpm ruby-devel-3.1.7-146.module+el9.5.0+90564+273a1edd.aarch64.rpm ruby-doc-3.1.7-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-bigdecimal-3.1.1-146.module+el9.5.0+90564+273a1edd.aarch64.rpm rubygem-bundler-2.3.27-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-io-console-0.5.11-146.module+el9.5.0+90564+273a1edd.aarch64.rpm rubygem-irb-1.4.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-json-2.6.1-146.module+el9.5.0+90564+273a1edd.aarch64.rpm rubygem-minitest-5.15.0-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd.aarch64.rpm rubygem-mysql2-doc-0.5.4-1.module+el9.1.0+20815+286161bd.noarch.rpm rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd.aarch64.rpm rubygem-pg-doc-1.3.5-1.module+el9.1.0+20815+286161bd.noarch.rpm rubygem-power_assert-2.0.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-psych-4.0.4-146.module+el9.5.0+90564+273a1edd.aarch64.rpm rubygem-rake-13.0.6-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-rbs-2.7.0-146.module+el9.5.0+90564+273a1edd.aarch64.rpm rubygem-rdoc-6.4.1.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-rexml-3.3.9-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-rss-0.3.1-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygems-3.3.27-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygems-devel-3.3.27-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-test-unit-3.5.3-146.module+el9.5.0+90564+273a1edd.noarch.rpm rubygem-typeprof-0.21.3-146.module+el9.5.0+90564+273a1edd.noarch.rpm ruby-libs-3.1.7-146.module+el9.5.0+90564+273a1edd.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//ruby-3.1.7-146.module+el9.5.0+90564+273a1edd.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd.src.rpm Related CVEs: CVE-2024-39908 CVE-2024-41123 CVE-2024-41946 CVE-2024-43398 CVE-2025-27219 CVE-2025-27220 CVE-2025-27221 Description of changes: ruby [3.1.7-146] - Upgrade to Ruby 3.1.7. Resolves: RHEL-55410 - Fix DoS vulnerability in REXML. (CVE-2024-39908) Resolves: RHEL-86077 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-4797 http://linux.oracle.com/errata/ELSA-2025-4797.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-128.10.0-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-128.10.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//thunderbird-128.10.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2025-2817 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 Description of changes: [128.10.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file - Force use of gcc-toolset-13 due to clang dependency [128.10.0] - Add OpenELA debranding [128.10.0-1] - Update to 128.10.0 build1 _______________________________________________ El-errata mailing list
Update uv to 0.6.14, with various bugfixes and new features. Update rust-idna to 1.0.3 (fixing RUSTSEC-2024-0421), rust-url to 2.5.4, rust- adblock to 0.9.6, and rust-cookie_store to 0.21.1; adjust some reverse dependencies of rust-idna. Initial packages for many dependencies. Update rust-ron to 0.9.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-cd87acc644 2025-04-21 16:44:59.680841+00:00 -------------------------------------------------------------------------------- Name : rust-ron Product : Fedora 41 Version : 0.9.0 Release : 1.fc41 URL : https://crates.io/crates/ron Summary : Rusty Object Notation Description : Rusty Object Notation. -------------------------------------------------------------------------------- Update Information: Update uv to 0.6.14, with various bugfixes and new features. Update rust-idna to 1.0.3 (fixing RUSTSEC-2024-0421), rust-url to 2.5.4, rust- adblock to 0.9.6, and rust-cookie_store to 0.21.1; adjust some reverse dependencies of rust-idna. Initial packages for many dependencies. Update rust-ron to 0.9. Update rust-zip to 2.6.1, fixing GHSA-94vh-gphv-8pm8. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 6 2025 Benjamin A. Beasley - 0.9.0-1 - Update to version 0.9.0; Fixes RHBZ#2353220 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277901 - rust-adblock-0.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2277901 [ 2 ] Bug #2291175 - rust-idna-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2291175 [ 3 ] Bug #2323618 - rust-url-2.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2323618 [ 4 ] Bug #2324926 - rust-cookie_store-0.21.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2324926 [ 5 ] Bug #2352783 - rust-zip-2.6.1 isavailable https://bugzilla.redhat.com/show_bug.cgi?id=2352783 [ 6 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the Write trait https://bugzilla.redhat.com/show_bug.cgi?id=2358015 [ 7 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over potentially-invalid UTF-16 in &[u16] https://bugzilla.redhat.com/show_bug.cgi?id=2358018 [ 8 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing Unicode Language and Locale Identifiers https://bugzilla.redhat.com/show_bug.cgi?id=2358020 [ 9 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros for ICU data providers https://bugzilla.redhat.com/show_bug.cgi?id=2358105 [ 10 ] Bug #2358290 - Review Request: rust-icu_provider - Trait and struct definitions for the ICU data provider https://bugzilla.redhat.com/show_bug.cgi?id=2358290 [ 11 ] Bug #2358292 - Review Request: rust-icu_locid_transform_data - Data for the icu_locid_transform crate https://bugzilla.redhat.com/show_bug.cgi?id=2358292 [ 12 ] Bug #2358507 - Review Request: rust-icu_locid_transform - API for Unicode Language and Locale Identifiers canonicalization https://bugzilla.redhat.com/show_bug.cgi?id=2358507 [ 13 ] Bug #2358521 - Review Request: rust-icu_properties_data - Data for the icu_properties crate https://bugzilla.redhat.com/show_bug.cgi?id=2358521 [ 14 ] Bug #2358522 - Review Request: rust-icu_normalizer_data - Data for the icu_normalizer crate https://bugzilla.redhat.com/show_bug.cgi?id=2358522 [ 15 ] Bug #2358527 - Review Request: rust-icu_properties - Definitions for Unicode properties https://bugzilla.redhat.com/show_bug.cgi?id=2358527 [ 16 ] Bug #2358606 - Review Request: rust-icu_normalizer - API for normalizing text into Unicode Normalization Forms https://bugzilla.redhat.com/show_bug.cgi?id=2358606 [ 17 ] Bug #2358642 - Review Request: rust-idna_adapter - Back end adapter for idna https://bugzilla.redhat.com/show_bug.cgi?id=2358642 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-cd87acc644' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
New perl packages are available for Slackware 15.0 and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] perl (SSA:2025-104-01) New perl packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/perl-5.34.3-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Heap-buffer-overflow with tr// Also upgraded Perl modules: DBI-1.647, Module-Runtime-0.017, Path-Tiny-0.148, URI-5.31. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-56406 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/perl-5.34.3-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/perl-5.34.3-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/perl-5.40.2-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/perl-5.40.2-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 1e31ca6132157ce8335d3984daf5898c perl-5.34.3-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 56ff5c8bb144c9d66ca215cb46f3689d perl-5.34.3-x86_64-1_slack15.0.txz Slackware -current package: a6276118d4464a7a4795578a9a744b76 d/perl-5.40.2-i686-1.txz Slackware x86_64 -current package: 43f2e00e07043f12a5f4996a6e52e486 d/perl-5.40.2-x86_64-1.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg perl-5.34.3-i586-1_slack15.0.txz +-----+ . Recent updates to perl packages for Slackware have been introduced to mitigate a significant heap overflow vulnerability and bolster overall security protocols.. perl updates, Slackware security, heap overflow fix, software packages. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.