Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 16 articles for you...
202

openSUSE Transmission Moderate Clickjack Security CVE-2026-38978 Advisory

An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for transmission ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0237-1 Rating: moderate References: #1267404 Cross-References: CVE-2026-38978 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for transmission fixes the following issues: - CVE-2026-38978: add clickjack safeguards when serving http responses (boo#1267404). - Update to 4.0.6: + Improved parsing HTTP tracker announce response. (#6223) + Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434) + Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483) + Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between's sessions. (#6514) + Fixed 4.0.0 bug where the filename for single-file torrents aren't sanitized. (#6846) + Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog are not always up-to-date. + Fixed build when compiling with GTKMM 4. (#6393) + Added the launchable desktop-id to metainfo files. (#6779) + Fixed build when compiling on BSD. (#6812) + Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly in the WebUI. (#6491, #6500) + Fixed layout issue in speed display. (#6570) + General UI improvement related to filterbar and fixes download/upload speed info wrap. (#6761) + Fixed a couple of logging issues. (#6463) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-237=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64): transmission-4.0.6-bp157.2.3.1 transmission-daemon-4.0.6-bp157.2.3.1 transmission-gtk-4.0.6-bp157.2.3.1 transmission-qt-4.0.6-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (noarch): system-user-transmission-4.0.6-bp157.2.3.1 transmission-common-4.0.6-bp157.2.3.1 transmission-gtk-lang-4.0.6-bp157.2.3.1 transmission-qt-lang-4.0.6-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2026-38978.html https://bugzilla.suse.com/1267404 . Transmission update for openSUSE resolves CVE-2026-38978, enhancing security against clickjacking attacks.. opensuse security update, transmission update, CVE-2026-38978, clickjack safeguards, moderate severity advisory. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 moderate OpenSUSE
202

openSUSE Transmission Moderate Clickjack Safeguards Vulnern 2026-21189-1

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for transmission ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21189-1 Rating: moderate References: * bsc#1267404 Cross-References: * CVE-2026-38978 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for transmission fixes the following issues: Changes in transmission: - CVE-2026-38978: add clickjack safeguards when serving http responses (bsc#1267404). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-384=1 Package List: - openSUSE Leap 16.0: system-user-transmission-4.0.6-bp160.2.1 transmission-4.0.6-bp160.2.1 transmission-common-4.0.6-bp160.2.1 transmission-daemon-4.0.6-bp160.2.1 transmission-gtk-4.0.6-bp160.2.1 transmission-gtk-lang-4.0.6-bp160.2.1 transmission-qt-4.0.6-bp160.2.1 transmission-qt-lang-4.0.6-bp160.2.1 References: * https://www.suse.com/security/cve/CVE-2026-38978.html . Transmission update for openSUSE Leap 16.0 fixes a moderate vulnerability and includes a bug fix. Install it now!. openSUSE, transmission update, CVE-2026-38978. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 02, 2026 moderate OpenSUSE
89

Fedora 44 Transmission Important CORS Use After Free Fix 2026-0c067e5040

Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0c067e5040 2026-07-02 01:05:29.984018+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 44 Version : 4.1.3 Release : 1.fc44 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942) -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Gwyn Ciesla - 4.1.3-1 - 4.1.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494743 - transmission-4.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494743 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0c067e5040' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Transmission 4.1.3 in Fedora 44 fixes CORS and use-after-free issues, enhancing security and stability.. Fedora Transmission update CORS use-after-free. . LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Fedora
172

Ubuntu 26.04 Transmission Important Clickjacking Threat USN-8404-1

Transmission could allow unintended actions if a user visited a malicious website.. ========================================================================== Ubuntu Security Notice USN-8404-1 June 08, 2026 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Transmission could allow unintended actions if a user visited a malicious website. Software Description: - transmission: lightweight BitTorrent client Details: It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS transmission 4.1.1+dfsg-1ubuntu1.1 transmission-daemon 4.1.1+dfsg-1ubuntu1.1 Ubuntu 25.10 transmission 4.1.0~beta2+dfsg-3ubuntu1.1 transmission-daemon 4.1.0~beta2+dfsg-3ubuntu1.1 Ubuntu 24.04 LTS transmission 4.0.5-1ubuntu0.1 transmission-daemon 4.0.5-1ubuntu0.1 Ubuntu 22.04 LTS transmission 3.00-2ubuntu2.2 transmission-daemon 3.00-2ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8404-1 CVE-2026-38978 Package Information: https://launchpad.net/ubuntu/+source/transmission/4.1.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.1.0~beta2+dfsg-3ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.0.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/transmission/3.00-2ubuntu2.2 . Transmission has a clickjacking flaw; users could be tricked into unintended actions.. Ubuntu TransmissionClickjacking Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important Ubuntu
172

Ubuntu 26.04 Transmission Significant Clickjacking Vulnerability USN-8404-1

Transmission could allow unintended actions if a user visited a malicious website.. ========================================================================== Ubuntu Security Notice USN-8404-1 June 08, 2026 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Transmission could allow unintended actions if a user visited a malicious website. Software Description: - transmission: lightweight BitTorrent client Details: It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS transmission 4.1.1+dfsg-1ubuntu1.1 transmission-daemon 4.1.1+dfsg-1ubuntu1.1 Ubuntu 25.10 transmission 4.1.0~beta2+dfsg-3ubuntu1.1 transmission-daemon 4.1.0~beta2+dfsg-3ubuntu1.1 Ubuntu 24.04 LTS transmission 4.0.5-1ubuntu0.1 transmission-daemon 4.0.5-1ubuntu0.1 Ubuntu 22.04 LTS transmission 3.00-2ubuntu2.2 transmission-daemon 3.00-2ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8404-1 CVE-2026-38978 Package Information: https://launchpad.net/ubuntu/+source/transmission/4.1.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.1.0~beta2+dfsg-3ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.0.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/transmission/3.00-2ubuntu2.2 . Transmission in Ubuntu exposes users to clickjacking attacks; updates are essential for vulnerability mitigation..Ubuntu Transmission Clickjacking Attack Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important Ubuntu
89

Fedora 44 Transmission 4.1.2 Important Clickjacking Fix CVE-2026-38978

4.1.2, fix for CVE-2026-38978. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c032fac814 2026-06-05 04:25:00.359120+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 44 Version : 4.1.2 Release : 1.fc44 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: 4.1.2, fix for CVE-2026-38978 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Gwyn Ciesla - 4.1.2-1 - 4.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483871 - transmission-4.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483871 [ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484367 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c032fac814' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Transmission 4.1.2 update addresses important Clickjacking weakness in WebUI and RPC response. Immediate action recommended.. Transmission Clickjacking Update Fedora. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Important Fedora
89

Fedora 43 Transmission 4.1.2 Clickjacking Fix CVE-2026-38978

4.1.2, fix for CVE-2026-38978. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-893c99f61c 2026-06-05 04:07:33.980067+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 43 Version : 4.1.2 Release : 1.fc43 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: 4.1.2, fix for CVE-2026-38978 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Gwyn Ciesla - 4.1.2-1 - 4.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483871 - transmission-4.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483871 [ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484367 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-893c99f61c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Transmission 4.1.2 for Fedora 43 addresses Clickjacking issues with CVE-2026-38978. Get installation instructions now!. Linux Update, BitTorrent Client, Fedora Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Important Fedora
89

Fedora 44 Transmission Important Clickjacking Fix 2026-c032fac814

4.1.2, fix for CVE-2026-38978. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c032fac814 2026-06-05 04:25:00.359120+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 44 Version : 4.1.2 Release : 1.fc44 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: 4.1.2, fix for CVE-2026-38978 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Gwyn Ciesla - 4.1.2-1 - 4.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483871 - transmission-4.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483871 [ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484367 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c032fac814' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update transmission for Fedora 44 addresses important clickjacking issues for improved security.. Transmission clickjacking, Fedora 44 update, security advisory, BitTorrent client, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200