Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22031-1 Release Date: 2026-06-01T20:59:02Z Rating: important References: * bsc#1259798 * bsc#1260563 * bsc#1260908 * bsc#1264096 * bsc#1265224 * bsc#1265384 Cross-References: * CVE-2025-54518 * CVE-2026-23243 * CVE-2026-23274 * CVE-2026-23317 * CVE-2026-46300 * CVE-2026-46333 CVSS scores: * CVE-2025-54518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-54518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563). * CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224). * CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-853=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-853=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-11-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-11-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-debuginfo-11-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-11-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-11-160000.1.1 *kernel-livepatch-6_12_0-160000_6-default-debuginfo-11-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54518.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-46300.html * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1259798 * https://bugzilla.suse.com/show_bug.cgi?id=1260563 * https://bugzilla.suse.com/show_bug.cgi?id=1260908 * https://bugzilla.suse.com/show_bug.cgi?id=1264096 * https://bugzilla.suse.com/show_bug.cgi?id=1265224 * https://bugzilla.suse.com/show_bug.cgi?id=1265384 . SUSE Linux kernel security update addresses six vulnerabilities, enhancing system integrity and protecting against exploits.. SUSE Linux Server, kernel patch, security update, exploit mitigation. . Severity: Important. LinuxSecurity.com Team
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:15892", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n\n* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n\n* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n\n* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n\n* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n\n* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n\n* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n\n* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n\n* firefox: thunderbird: Mitigation bypass in the File Handling component(CVE-2026-6763)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n\n* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n\n* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n\n* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n\n* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2460074", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074", "description": ""}, {"ticket": "2460075", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075", "description": ""}, {"ticket": "2460076", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076", "description": ""}, {"ticket": "2460078", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078", "description": ""}, {"ticket": "2460079", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079", "description": ""}, {"ticket": "2460085","sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085", "description": ""}, {"ticket": "2460086", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086", "description": ""}, {"ticket": "2460088", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088", "description": ""}, {"ticket": "2460092", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092", "description": ""}, {"ticket": "2460094", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460094", "description": ""}, {"ticket": "2460095", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095", "description": ""}, {"ticket": "2460096", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096", "description": ""}, {"ticket": "2460097", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097", "description": ""}, {"ticket": "2460099", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099", "description": ""}, {"ticket": "2460101", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101", "description": ""}, {"ticket": "2460102", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102", "description": ""}, {"ticket": "2460103", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103", "description": ""}, {"ticket": "2460104", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104", "description": ""}, {"ticket": "2460105", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105", "description": ""}, {"ticket": "2460106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106", "description": ""}, {"ticket": "2460107", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2460107", "description": ""}, {"ticket": "2460108", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108", "description": ""}, {"ticket": "2460109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109", "description": ""}, {"ticket": "2460110", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110", "description": ""}, {"ticket": "2460112", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112", "description": ""}], "cves": [{"name": "CVE-2026-6746", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6747", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6748", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6749", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6750", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-6751", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe":"CWE-824"}, {"name": "CVE-2026-6752", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-131"}, {"name": "CVE-2026-6753", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6754", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6757", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-823"}, {"name": "CVE-2026-6759", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-6761", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6762", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-1021"}, {"name": "CVE-2026-6763", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-66"}, {"name": "CVE-2026-6764", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-805"}, {"name": "CVE-2026-6765", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-359"}, {"name": "CVE-2026-6766", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-125"}, {"name": "CVE-2026-6767", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-676"}, {"name": "CVE-2026-6769", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6770", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-440"}, {"name": "CVE-2026-6771", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-358"}, {"name": "CVE-2026-6772", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-6776", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-6785", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6786", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-05-13T12:03:42.485295Z", "rpms": {"Rocky Linux 9": {"nvras": ["thunderbird-0:140.10.0-1.el9_7.aarch64.rpm", "thunderbird-0:140.10.0-1.el9_7.ppc64le.rpm", "thunderbird-0:140.10.0-1.el9_7.s390x.rpm", "thunderbird-0:140.10.0-1.el9_7.src.rpm", "thunderbird-0:140.10.0-1.el9_7.x86_64.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.aarch64.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.ppc64le.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.s390x.rpm", "thunderbird-debuginfo-0:140.10.0-1.el9_7.x86_64.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.aarch64.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.ppc64le.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.s390x.rpm", "thunderbird-debugsource-0:140.10.0-1.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Mozilla Thunderbird security update for Rocky Linux improves defenses against spoofing and memory safety issues. Update required.. thunderbird security, Rocky Linux update, memory safety, spoofing security. . Severity: Important. LinuxSecurity.com Team
Important: firefox security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:10766", "synopsis": "Important: firefox security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for firefox.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n\n* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n\n* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n\n* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n\n* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n\n* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n\n* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n\n* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n\n* firefox: thunderbird: Mitigation bypass in the FileHandling component (CVE-2026-6763)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n\n* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n\n* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n\n* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n\n* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2460074", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074", "description": ""}, {"ticket": "2460075", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075", "description": ""}, {"ticket": "2460076", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076", "description": ""}, {"ticket": "2460078", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078", "description": ""}, {"ticket": "2460079", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079", "description": ""}, {"ticket":"2460085", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085", "description": ""}, {"ticket": "2460086", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086", "description": ""}, {"ticket": "2460088", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088", "description": ""}, {"ticket": "2460092", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092", "description": ""}, {"ticket": "2460094", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460094", "description": ""}, {"ticket": "2460095", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095", "description": ""}, {"ticket": "2460096", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096", "description": ""}, {"ticket": "2460097", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097", "description": ""}, {"ticket": "2460099", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099", "description": ""}, {"ticket": "2460101", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101", "description": ""}, {"ticket": "2460102", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102", "description": ""}, {"ticket": "2460103", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103", "description": ""}, {"ticket": "2460104", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104", "description": ""}, {"ticket": "2460105", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105", "description": ""}, {"ticket": "2460106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106", "description": ""}, {"ticket": "2460107", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460107", "description": ""}, {"ticket": "2460108", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108", "description": ""}, {"ticket": "2460109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109", "description": ""}, {"ticket": "2460110", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110", "description": ""}, {"ticket": "2460112", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112", "description": ""}], "cves": [{"name": "CVE-2026-6746", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6747", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6748", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6749", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6750", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-6751", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore":"7.5", "cwe": "CWE-824"}, {"name": "CVE-2026-6752", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-131"}, {"name": "CVE-2026-6753", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6754", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-6757", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-823"}, {"name": "CVE-2026-6759", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-6761", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6762", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-1021"}, {"name": "CVE-2026-6763", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-66"}, {"name": "CVE-2026-6764", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-805"}, {"name": "CVE-2026-6765", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-359"}, {"name": "CVE-2026-6766", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6766", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-125"}, {"name": "CVE-2026-6767", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6767", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-676"}, {"name": "CVE-2026-6769", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-266"}, {"name": "CVE-2026-6770", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6770", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-440"}, {"name": "CVE-2026-6771", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6771", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-358"}, {"name": "CVE-2026-6772", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6772", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-6776", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6776", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-6785", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6785", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-6786", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6786", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-04-30T18:01:05.380956Z", "rpms": {"Rocky Linux 8": {"nvras": ["firefox-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-0:140.10.0-1.el8_10.src.rpm", "firefox-0:140.10.0-1.el8_10.x86_64.rpm", "firefox-debuginfo-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.10.0-1.el8_10.x86_64.rpm", "firefox-debugsource-0:140.10.0-1.el8_10.aarch64.rpm", "firefox-debugsource-0:140.10.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux updates Firefox facing major security issues including use-after-free and spoofing risks, patch promptly.. Firefox Security Update,Rocky Linux Vulnerability,Open Source Browser Fixes. . Severity: Important. LinuxSecurity.com Team
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing, information disclosure or privilege escalation. For Debian 11 bullseye, these problems have been fixed in version 140.10.0esr-1~deb11u1.. Debian LTS Advisory DLA-4546-1
Important: firefox security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:0667", "synopsis": "Important: firefox security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for firefox.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)\n\n* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 (CVE-2026-0891)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-0878)\n\n* firefox: Use-after-free in the IPC component (CVE-2026-0882)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)\n\n* firefox: Information disclosure in the Networking component (CVE-2026-0883)\n\n* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)\n\n* firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)\n\n* firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)\n\n* firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)\n\n* firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"],"fixes": [{"ticket": "2420507", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507", "description": ""}, {"ticket": "2428961", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961", "description": ""}, {"ticket": "2428963", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963", "description": ""}, {"ticket": "2428965", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965", "description": ""}, {"ticket": "2428966", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966", "description": ""}, {"ticket": "2428967", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967", "description": ""}, {"ticket": "2428968", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968", "description": ""}, {"ticket": "2428969", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969", "description": ""}, {"ticket": "2428971", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971", "description": ""}, {"ticket": "2428972", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972", "description": ""}, {"ticket": "2428973", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973", "description": ""}, {"ticket": "2428975", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975", "description": ""}, {"ticket": "2428978", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978", "description": ""}], "cves": [{"name": "CVE-2025-14327", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-14327", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0877", "sourceBy": "MITRE", "sourceLink":"https://www.cve.org/CVERecord?id=CVE-2026-0877", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0878", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0878", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0879", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0879", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0880", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0880", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0882", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0882", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-0883", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0883", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0884", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0884", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0885", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0885", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0886", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0886", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0887", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0887","cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-0890", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0890", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": null}, {"name": "CVE-2026-0891", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-0891", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}], "references": [], "publishedAt": "2026-01-16T09:03:02.132913Z", "rpms": {"Rocky Linux 8": {"nvras": ["firefox-debugsource-0:140.7.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.7.0-1.el8_10.aarch64.rpm", "firefox-debuginfo-0:140.7.0-1.el8_10.x86_64.rpm", "firefox-0:140.7.0-1.el8_10.aarch64.rpm", "firefox-0:140.7.0-1.el8_10.src.rpm", "firefox-0:140.7.0-1.el8_10.x86_64.rpm", "firefox-debugsource-0:140.7.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update for Firefox on Rocky Linux 8 addresses multiple issues such as spoofing and memory safety bugs.. Mozilla Firefox security, Rocky Linux updates, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in AngularJS.. ========================================================================== Ubuntu Security Notice USN-7958-1 January 14, 2026 angular.js vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in AngularJS. Software Description: - angular.js: JavaScript-based web framework Details: It was discovered that AngularJS did not properly sanitize certain `xlink:href` attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-14863) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2022-25844) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. (CVE-2023-26116, CVE-2023-26117) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. (CVE-2025-0716) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libjs-angularjs 1.8.3-1ubuntu0.25.04.1 Ubuntu 24.04 LTS libjs-angularjs 1.8.3-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libjs-angularjs 1.8.2-2ubuntu0.1 Ubuntu 20.04 LTS libjs-angularjs 1.7.9-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libjs-angularjs 1.5.10-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libjs-angularjs 1.2.28-1ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7958-1 CVE-2019-14863, CVE-2022-25844, CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2024-21490, CVE-2024-8372, CVE-2024-8373, CVE-2025-0716, CVE-2025-2336 Package Information: https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/angular.js/1.8.2-2ubuntu0.1 . Multiple security fixes were released for AngularJS affecting various Ubuntu versions. Critical updates recommended.. AngularJS vulnerabilities, Ubuntu security update, security issues, web framework patching. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-21110 http://linux.oracle.com/errata/ELSA-2025-21110.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bind-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-chroot-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-devel-9.16.23-34.0.1.el9_7.1.i686.rpm bind-devel-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-dnssec-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-dnssec-utils-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-libs-9.16.23-34.0.1.el9_7.1.i686.rpm bind-libs-9.16.23-34.0.1.el9_7.1.x86_64.rpm bind-license-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-utils-9.16.23-34.0.1.el9_7.1.x86_64.rpm python3-bind-9.16.23-34.0.1.el9_7.1.noarch.rpm aarch64: bind-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-chroot-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-devel-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-dnssec-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-dnssec-utils-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-doc-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-libs-9.16.23-34.0.1.el9_7.1.aarch64.rpm bind-license-9.16.23-34.0.1.el9_7.1.noarch.rpm bind-utils-9.16.23-34.0.1.el9_7.1.aarch64.rpm python3-bind-9.16.23-34.0.1.el9_7.1.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/bind-9.16.23-34.0.1.el9_7.1.src.rpm Related CVEs: CVE-2025-40778 CVE-2025-40780 Description of changes: [32:9.16.23-34.0.1.1] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-34.1] - Prevent cache poisoning due to weak PRNG (CVE-2025-40780) - Replace downstream fixes with upstream changes - Address various spoofing attacks (CVE-2025-40778) [32:9.16.23-34] - Fix failures in idna system test (RHEL-66172) [32:9.16.23-33] - logrotate: skip if empty and remove old variants (RHEL-113942) [32:9.16.23-32] - Decode IDN names on input in all situations in utilities(RHEL-66172) _______________________________________________ El-errata mailing list
* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778 . # Security update for bind Announcement ID: SUSE-SU-2025:4222-1 Release Date: 2025-11-25T08:54:07Z Rating: important References: * bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778 * CVE-2025-40780 CVSS scores: * CVE-2025-40778 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N * CVE-2025-40778 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-40778 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-40780 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N * CVE-2025-40780 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-40780 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves two vulnerabilities can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2025-40778: Address various spoofing attacks (bsc#1252379). * CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2025-4222=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-4222=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * libisc1606-9.16.6-150000.12.85.1 * libbind9-1600-debuginfo-9.16.6-150000.12.85.1 * libisccc1600-debuginfo-9.16.6-150000.12.85.1 * bind-debugsource-9.16.6-150000.12.85.1 * libisccfg1600-9.16.6-150000.12.85.1 * libns1604-debuginfo-9.16.6-150000.12.85.1 * libirs1601-9.16.6-150000.12.85.1 * libisc1606-debuginfo-9.16.6-150000.12.85.1 * libirs1601-debuginfo-9.16.6-150000.12.85.1 * libisccfg1600-debuginfo-9.16.6-150000.12.85.1 * libns1604-9.16.6-150000.12.85.1 * bind-utils-9.16.6-150000.12.85.1 * libdns1605-debuginfo-9.16.6-150000.12.85.1 * bind-debuginfo-9.16.6-150000.12.85.1 * libisccc1600-9.16.6-150000.12.85.1 * libbind9-1600-9.16.6-150000.12.85.1 * libdns1605-9.16.6-150000.12.85.1 * bind-utils-debuginfo-9.16.6-150000.12.85.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.85.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libisc1606-9.16.6-150000.12.85.1 * libisccfg1600-9.16.6-150000.12.85.1 * libns1604-debuginfo-9.16.6-150000.12.85.1 * libirs1601-9.16.6-150000.12.85.1 * libns1604-9.16.6-150000.12.85.1 * bind-utils-9.16.6-150000.12.85.1 * libisccc1600-9.16.6-150000.12.85.1 * libbind9-1600-9.16.6-150000.12.85.1 * libdns1605-9.16.6-150000.12.85.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisc1606-64bit-9.16.6-150000.12.85.1 * libirs1601-64bit-9.16.6-150000.12.85.1 * libisccc1600-64bit-9.16.6-150000.12.85.1 * libbind9-1600-64bit-9.16.6-150000.12.85.1 * libisccfg1600-64bit-9.16.6-150000.12.85.1 * libdns1605-64bit-9.16.6-150000.12.85.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.85.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40778.html * https://www.suse.com/security/cve/CVE-2025-40780.html * https://bugzilla.suse.com/show_bug.cgi?id=1252379 * https://bugzilla.suse.com/show_bug.cgi?id=1252380 .Security update for SUSE addressing important vulnerabilities in bind, including spoofing and cache-poisoning threats.. SUSE Linux, bind vulnerabilities, security patch, software update, SUSE advisory. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.