Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 268 articles for you...
89

Fedora 44 pam Timing Leak Fix CVE-2026-54411 Security Advisory

pam_userdb: fix password comparison timing leak. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-377015b34b 2026-07-10 00:52:14.826395+00:00 -------------------------------------------------------------------------------- Name : pam Product : Fedora 44 Version : 1.7.2 Release : 2.fc44 URL : http://www.linux-pam.org/ Summary : An extensible library which provides authentication for applications Description : PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. -------------------------------------------------------------------------------- Update Information: pam_userdb: fix password comparison timing leak -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Iker Pedrosa - 1.7.2-2 - pam_userdb: fix password comparison timing leak Resolves: #2496416 Resolves: CVE-2026-54411 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2496416 - CVE-2026-54411 pam: Plaintext password recovery via timing discrepancy in pam_userdb module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2496416 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-377015b34b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fix for pam User Database timing leak vulnerability in Fedora 44 requires immediate attention and update.. pam userdb, Fedora 44, timing attack, security update, authentication module. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important Fedora
219

Rocky Linux 10 memcached Critical Username Enumeration Flaw RLSA-2026-27842

Important: memcached security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:27842", "synopsis": "Important: memcached security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for memcached.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. \n\nSecurity Fix(es):\n\n* memcached: memcached: Username enumeration via timing side channel (CVE-2026-47783)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2480089", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480089", "description": ""}], "cves": [{"name": "CVE-2026-47783", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47783", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-208"}], "references": [], "publishedAt": "2026-06-24T12:05:09.232192Z", "rpms": {"Rocky Linux 10": {"nvras": ["memcached-debuginfo-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-0:1.6.23-7.el10_2.1.ppc64le.rpm", "memcached-0:1.6.23-7.el10_2.1.src.rpm", "memcached-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-selinux-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-debuginfo-0:1.6.23-7.el10_2.1.ppc64le.rpm", "memcached-debuginfo-0:1.6.23-7.el10_2.1.x86_64.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.x86_64.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-0:1.6.23-7.el10_2.1.x86_64.rpm","memcached-selinux-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-debuginfo-0:1.6.23-7.el10_2.1.aarch64.rpm", "memcached-selinux-0:1.6.23-7.el10_2.1.x86_64.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.ppc64le.rpm", "memcached-debugsource-0:1.6.23-7.el10_2.1.s390x.rpm", "memcached-selinux-0:1.6.23-7.el10_2.1.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Memcached security update for Rocky Linux addresses important issues, enhancing protection against username enumeration attacks. Stay secure!. Rocky Linux memcached update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 24, 2026 Important Rocky Linux
219

Rocky Linux PostgreSQL Key Credential Recovery Timing Attack CVE-2026-6478

Important: postgresql:13 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28208", "synopsis": "Important: postgresql:13 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for postgres-decoderbufs, module.postgres-decoderbufs, module.pgaudit, module.pg_repack, pgaudit, pg_repack.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2477447", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2477447", "description": ""}], "cves": [{"name": "CVE-2026-6478", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6478", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-385"}], "references": [], "publishedAt": "2026-06-23T18:00:59.155864Z", "rpms": {"Rocky Linux 8": {"nvras": ["pgaudit-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pgaudit-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.src.rpm", "pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.src.rpm", "pgaudit-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pgaudit-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pgaudit-debuginfo-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pgaudit-debuginfo-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm","pgaudit-debuginfo-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pgaudit-debugsource-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pgaudit-debugsource-0:1.5.0-1.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pgaudit-debugsource-0:1.5.0-1.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.src.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.src.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.src.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.src.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1603+444d1b54.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "pg_repack-debuginfo-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1603+444d1b54.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+1862+29bef648.x86_64.rpm", "pg_repack-debugsource-0:1.4.6-3.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm","postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.src.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1603+444d1b54.x86_64.rpm", "postgres-decoderbufs-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm", "postgres-decoderbufs-debuginfo-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1603+444d1b54.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.9.0+1594+4a6adae9.aarch64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+1862+29bef648.x86_64.rpm", "postgres-decoderbufs-debugsource-0:0.10.0-2.module+el8.10.0+40055+b85d5ce2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important PostgreSQL security update on Rocky Linux addresses credential recovery issue reflected in CVE-2026-6478..PostgreSQL Security, Rocky Linux Update, Credential Recovery Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 23, 2026 Important Rocky Linux
89

Fedora 43 perl-Crypt-PBKDF2 Crucial Hashing Upgrade 2026-e8231b773d

This update addresses a number of security issues: Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641) Generate salts using Crypt::URandom (a strong system RNG) instead of perl's. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e8231b773d 2026-06-21 01:09:26.438190+00:00 -------------------------------------------------------------------------------- Name : perl-Crypt-PBKDF2 Product : Fedora 43 Version : 0.261630 Release : 1.fc43 URL : https://metacpan.org/release/Crypt-PBKDF2 Summary : The PBKDF2 password hashing algorithm Description : PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily high. PBKDF2 uses any other cryptographic hash or cipher (by convention, usually HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary number of iterations of the hashing function, and a nearly unlimited output hash size (up to 2**32-1 times the size of the output of the backend hash). The hash is salted, as any password hash should be, and the salt may also be of arbitrary size. -------------------------------------------------------------------------------- Update Information: This update addresses a number of security issues: Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641) Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638) Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2026 Paul Howarth -0.261630-1 - Update to 0.261630 (rhbz#2488228) - Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641) - Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638) - Use a constant-time comparison in 'validate' to avoid timing attacks (CVE-2017-20240) - Switch to Module::Build::Tiny flow - Package new README file * Sat Jan 17 2026 Fedora Release Engineering - 0.161520-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488228 - perl-Crypt-PBKDF2-0.261630 is available https://bugzilla.redhat.com/show_bug.cgi?id=2488228 [ 2 ] Bug #2488894 - CVE-2017-20240 perl-Crypt-PBKDF2: information disclosure via timing attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488894 [ 3 ] Bug #2488896 - CVE-2026-9641 perl-Crypt-PBKDF2: weak default algorithm and insufficient iterations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488896 [ 4 ] Bug #2488899 - CVE-2026-9638 perl-Crypt-PBKDF2: generation of insecure random values for salts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488899 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e8231b773d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Addressing significant security concerns in perl-Crypt-PBKDF2 for Fedora with enhanced hashing and salt generation standards.. Fedora security perl password hashing Crypt::PBKDF2. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 20, 2026 Important Fedora
89

Fedora 43 perl-Mojo-JWT Important Timing Attack Protect 2026-1da54e6cb8

This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1da54e6cb8 2026-06-16 01:10:28.203205+00:00 -------------------------------------------------------------------------------- Name : perl-Mojo-JWT Product : Fedora 43 Version : 1.02 Release : 1.fc43 URL : https://metacpan.org/release/Mojo-JWT Summary : JSON Web Token the Mojo way Description : JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users (though of course it is useful elsewhere). Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text string rather than a cookie. -------------------------------------------------------------------------------- Update Information: This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Emmanuel Seyman - 1.02-1 - Update to 1.02 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1da54e6cb8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. Tounsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Security update for Fedora 43 improves Mojo::JWT to prevent timing side-channel attacks.. Fedora Update, perl-Mojo-JWT, security enhancement, timing attacks, JSON Web Token. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 15, 2026 Important Fedora
89

Fedora 44 Perl Mojo-JWT Security Fix Advisory FEDORA-2026-80333f8f56

This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-80333f8f56 2026-06-16 01:01:54.934620+00:00 -------------------------------------------------------------------------------- Name : perl-Mojo-JWT Product : Fedora 44 Version : 1.02 Release : 1.fc44 URL : https://metacpan.org/release/Mojo-JWT Summary : JSON Web Token the Mojo way Description : JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users (though of course it is useful elsewhere). Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text string rather than a cookie. -------------------------------------------------------------------------------- Update Information: This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Emmanuel Seyman - 1.02-1 - Update to 1.02 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-80333f8f56' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. Tounsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Improve security against timing attacks with Fedora 44's Mojo::JWT update for safer signatures. Learn more.. Mojo-JWT update Fedora timing attack protection. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 15, 2026 Important Fedora
203

Mageia 9 Memcached Important SASL Timing Attack Fix 2026-0203

Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0203.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-47783, CVE-2026-47784 Description: CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. References: - https://bugs.mageia.org/show_bug.cgi?id=35552 - https://github.com/memcached/memcached/wiki/ReleaseNotes1642 - https://www.cve.org/CVERecord?id=CVE-2026-47783 - https://www.cve.org/CVERecord?id=CVE-2026-47784 SRPMS: - 9/core/memcached-1.6.42-1.mga9 . Critical memcached security advisory for Mageia 9 detailing significant timing attacks with CVE-2026-47783 and CVE-2026-47784.. Mageia memcached security timing attack CVE-2026-47783 CVE-2026-47784. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 12, 2026 Critical Mageia
100

SUSE Linux Resolves Critical SASL Timing Attack in Memcached Update

An update that solves two vulnerabilities can now be installed.. # Security update for memcached Announcement ID: SUSE-SU-2026:2292-1 Release Date: 2026-06-08T08:51:34Z Rating: important References: * bsc#1265873 * bsc#1265881 Cross-References: * CVE-2026-47783 * CVE-2026-47784 CVSS scores: * CVE-2026-47783 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47783 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47784 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47784 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for memcached fixes the following issues * CVE-2026-47783: timing side-channel in SASL password database authentication (username) (bsc#1265873). * CVE-2026-47784: timing side-channel in SASL password database authentication (password) (bsc#1265881). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2292=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2292=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * memcached-debugsource-1.4.39-4.14.1 * memcached-debuginfo-1.4.39-4.14.1 * memcached-devel-1.4.39-4.14.1 * memcached-1.4.39-4.14.1 * SUSE Linux Enterprise Server 12 SP5 LTSSExtended Security (x86_64) * memcached-debugsource-1.4.39-4.14.1 * memcached-debuginfo-1.4.39-4.14.1 * memcached-devel-1.4.39-4.14.1 * memcached-1.4.39-4.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-47783.html * https://www.suse.com/security/cve/CVE-2026-47784.html * https://bugzilla.suse.com/show_bug.cgi?id=1265873 * https://bugzilla.suse.com/show_bug.cgi?id=1265881 . Update for memcached addresses two important vulnerabilities in SUSE products. Immediate action recommended for security.. SUSE memcached update important timing attack authentication. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200