Explore top 10 tips to secure your open-source projects now. Read More
×
pam_userdb: fix password comparison timing leak. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-377015b34b 2026-07-10 00:52:14.826395+00:00 -------------------------------------------------------------------------------- Name : pam Product : Fedora 44 Version : 1.7.2 Release : 2.fc44 URL : http://www.linux-pam.org/ Summary : An extensible library which provides authentication for applications Description : PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. -------------------------------------------------------------------------------- Update Information: pam_userdb: fix password comparison timing leak -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Iker Pedrosa - 1.7.2-2 - pam_userdb: fix password comparison timing leak Resolves: #2496416 Resolves: CVE-2026-54411 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496416 - CVE-2026-54411 pam: Plaintext password recovery via timing discrepancy in pam_userdb module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496416 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-377015b34b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Important: memcached security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:27842", "synopsis": "Important: memcached security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for memcached.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. \n\nSecurity Fix(es):\n\n* memcached: memcached: Username enumeration via timing side channel (CVE-2026-47783)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2480089", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480089", "description": ""}], "cves": [{"name": "CVE-2026-47783", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47783", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-208"}], "references": [], "publishedAt": "2026-06-24T12:05:09.232192Z", "rpms": {"Rocky Linux 10": {"nvras": ["memcached-debuginfo-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-0:1.6.23-7.el10_2.1.ppc64le.rpm", "memcached-0:1.6.23-7.el10_2.1.src.rpm", "memcached-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-selinux-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-debuginfo-0:1.6.23-7.el10_2.1.ppc64le.rpm", "memcached-debuginfo-0:1.6.23-7.el10_2.1.x86_64.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.x86_64.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-0:1.6.23-7.el10_2.1.x86_64.rpm","memcached-selinux-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-debuginfo-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-selinux-0:1.6.23-7.el10_2.1.x86_64.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.ppc64le.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-selinux-0:1.6.23-7.el10_2.1.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Memcached security update for Rocky Linux addresses important issues, enhancing protection against username enumeration attacks. Stay secure!. Rocky Linux memcached update. . Severity: Important. LinuxSecurity.com Team
Important: postgresql:13 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28208", "synopsis": "Important: postgresql:13 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for postgres-decoderbufs, module.postgres-decoderbufs, module.pgaudit, module.pg_repack, pgaudit, pg_repack.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2477447", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2477447", "description": ""}], "cves": [{"name": "CVE-2026-6478", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6478", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-385"}], "references": [], "publishedAt": "2026-06-23T18:00:59.155864Z", "rpms": {"Rocky Linux 8": {"nvras": ["pgaudit-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pgaudit-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.src.rpm", "pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.src.rpm", "pgaudit-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pgaudit-debuginfo-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pgaudit-debuginfo-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm","pgaudit-debuginfo-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pgaudit-debugsource-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pgaudit-debugsource-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pgaudit-debugsource-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.src.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.src.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.src.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.src.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm","postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important PostgreSQL security update on Rocky Linux addresses credential recovery issue reflected in CVE-2026-6478..PostgreSQL Security, Rocky Linux Update, Credential Recovery Issue. . Severity: Important. LinuxSecurity.com Team
This update addresses a number of security issues: Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641) Generate salts using Crypt::URandom (a strong system RNG) instead of perl's. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e8231b773d 2026-06-21 01:09:26.438190+00:00 -------------------------------------------------------------------------------- Name : perl-Crypt-PBKDF2 Product : Fedora 43 Version : 0.261630 Release : 1.fc43 URL : https://metacpan.org/release/Crypt-PBKDF2 Summary : The PBKDF2 password hashing algorithm Description : PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily high. PBKDF2 uses any other cryptographic hash or cipher (by convention, usually HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary number of iterations of the hashing function, and a nearly unlimited output hash size (up to 2**32-1 times the size of the output of the backend hash). The hash is salted, as any password hash should be, and the salt may also be of arbitrary size. -------------------------------------------------------------------------------- Update Information: This update addresses a number of security issues: Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641) Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638) Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2026 Paul Howarth -0.261630-1 - Update to 0.261630 (rhbz#2488228) - Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641) - Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638) - Use a constant-time comparison in 'validate' to avoid timing attacks (CVE-2017-20240) - Switch to Module::Build::Tiny flow - Package new README file * Sat Jan 17 2026 Fedora Release Engineering - 0.161520-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488228 - perl-Crypt-PBKDF2-0.261630 is available https://bugzilla.redhat.com/show_bug.cgi?id=2488228 [ 2 ] Bug #2488894 - CVE-2017-20240 perl-Crypt-PBKDF2: information disclosure via timing attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488894 [ 3 ] Bug #2488896 - CVE-2026-9641 perl-Crypt-PBKDF2: weak default algorithm and insufficient iterations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488896 [ 4 ] Bug #2488899 - CVE-2026-9638 perl-Crypt-PBKDF2: generation of insecure random values for salts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488899 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e8231b773d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1da54e6cb8 2026-06-16 01:10:28.203205+00:00 -------------------------------------------------------------------------------- Name : perl-Mojo-JWT Product : Fedora 43 Version : 1.02 Release : 1.fc43 URL : https://metacpan.org/release/Mojo-JWT Summary : JSON Web Token the Mojo way Description : JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users (though of course it is useful elsewhere). Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text string rather than a cookie. -------------------------------------------------------------------------------- Update Information: This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Emmanuel Seyman - 1.02-1 - Update to 1.02 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1da54e6cb8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-80333f8f56 2026-06-16 01:01:54.934620+00:00 -------------------------------------------------------------------------------- Name : perl-Mojo-JWT Product : Fedora 44 Version : 1.02 Release : 1.fc44 URL : https://metacpan.org/release/Mojo-JWT Summary : JSON Web Token the Mojo way Description : JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users (though of course it is useful elsewhere). Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text string rather than a cookie. -------------------------------------------------------------------------------- Update Information: This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Emmanuel Seyman - 1.02-1 - Update to 1.02 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-80333f8f56' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0203.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-47783, CVE-2026-47784 Description: CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. References: - https://bugs.mageia.org/show_bug.cgi?id=35552 - https://github.com/memcached/memcached/wiki/ReleaseNotes1642 - https://www.cve.org/CVERecord?id=CVE-2026-47783 - https://www.cve.org/CVERecord?id=CVE-2026-47784 SRPMS: - 9/core/memcached-1.6.42-1.mga9 . Critical memcached security advisory for Mageia 9 detailing significant timing attacks with CVE-2026-47783 and CVE-2026-47784.. Mageia memcached security timing attack CVE-2026-47783 CVE-2026-47784. . Severity: Critical. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for memcached Announcement ID: SUSE-SU-2026:2292-1 Release Date: 2026-06-08T08:51:34Z Rating: important References: * bsc#1265873 * bsc#1265881 Cross-References: * CVE-2026-47783 * CVE-2026-47784 CVSS scores: * CVE-2026-47783 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47783 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47784 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47784 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for memcached fixes the following issues * CVE-2026-47783: timing side-channel in SASL password database authentication (username) (bsc#1265873). * CVE-2026-47784: timing side-channel in SASL password database authentication (password) (bsc#1265881). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2292=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2292=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * memcached-debugsource-1.4.39-4.14.1 * memcached-debuginfo-1.4.39-4.14.1 * memcached-devel-1.4.39-4.14.1 * memcached-1.4.39-4.14.1 * SUSE Linux Enterprise Server 12 SP5 LTSSExtended Security (x86_64) * memcached-debugsource-1.4.39-4.14.1 * memcached-debuginfo-1.4.39-4.14.1 * memcached-devel-1.4.39-4.14.1 * memcached-1.4.39-4.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-47783.html * https://www.suse.com/security/cve/CVE-2026-47784.html * https://bugzilla.suse.com/show_bug.cgi?id=1265873 * https://bugzilla.suse.com/show_bug.cgi?id=1265881 . Update for memcached addresses two important vulnerabilities in SUSE products. Immediate action recommended for security.. SUSE memcached update important timing attack authentication. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.