Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50388 http://linux.oracle.com/errata/ELSA-2026-50388.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.357.3.2.el7uek.x86_64.rpm kernel-uek-container-5.4.17-2136.357.3.2.el7uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.357.3.2.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.357.3.2.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.357.3.2.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.357.3.2.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.357.3.2.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.357.3.2.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.357.3.2.el7uek.src.rpm Related CVEs: CVE-2026-43499 Description of changes: [5.4.17-2136.357.3.2] - locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706958] - rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706958] {CVE-2026-43499} [5.4.17-2136.357.3.1] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673892] - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673892] - KVM: x86/MMU: Recursively zap nested TDP SPs when zapping last/only parent (Ben Gardon) [Orabug: 39673892] - KVM: x86/mmu: Move flush logic from mmu_page_zap_pte() to FNAME(invlpg) (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673892] - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (Like Xu) [Orabug: 39673892] - KVM: MMU: load PDPTRs outside mmu_lock (Paolo Bonzini) [Orabug: 39673892] - KVM: x86/mmu: Check PDPTRs before allocating PAE roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Always pass 0 for@quadrant when gptes are 8 bytes (David Matlack) [Orabug: 39673892] - KVM: x86/mmu: Derive shadow MMU page role from parent (David Matlack) [Orabug: 39673892] - KVM: X86: Remove useless code to set role.gpte_is_8_bytes when role.direct (Lai Jiangshan) [Orabug: 39673892] - KVM: X86: Synchronize the shadow pagetable before link it (Lai Jiangshan) [Orabug: 39673892] - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (Lai Jiangshan) [Orabug: 39673892] - KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (David Matlack) [Orabug: 39673892] - KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673892] - kvm: mmu: Replace unsigned with unsigned int for PTE access (Ben Gardon) [Orabug: 39673892] - KVM: x86/mmu: Ensure MMU pages are available when allocating roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Allocate pae_root and lm_root pages in dedicated helper (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Allocate the lm_root before allocating PAE roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Capture 'mmu' in a local variable when allocating roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Stash 'kvm' in a local variable in kvm_mmu_free_roots() (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Add a helper to consolidate root sp allocation (Sean Christopherson) [Orabug: 39673892] - net/sched: act_pedit: fix action bind logic (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39680880] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39680880] {CVE-2026-46331} - net/sched: act_pedit: Parse L3 Header for L4 offset (Max Tottenham) [Orabug: 39680880] - net/sched:act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: remove extra check for key type (Pedro Tammela) [Orabug: 39680880] - net/sched: simplify tcf_pedit_act (Pedro Tammela) [Orabug: 39680880] - net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: use NLA_POLICY for parsing 'ex' keys (Pedro Tammela) [Orabug: 39680880] [5.4.17-2136.357.3] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39619389] {CVE-2026-52943} [5.4.17-2136.357.2] - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250953] {CVE-2026-31504} - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers (Dan Williams) [Orabug: 39429802] - x86/kaslr: Reduce KASLR entropy on most x86 systems (Balbir Singh) [Orabug: 39429802] - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-> dev is null (Cezar Bulinaru) [Orabug: 39526882] {CVE-2022-50073} - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548666] {CVE-2025-10263} - arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548666] - ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39548666] - arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548666] - arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548666] - arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548666] - ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300926] {CVE-2026-43037} [5.4.17-2136.357.1] - batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262375] {CVE-2026-31657} - scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446045] - scsi: target: iscsi: Fix CRC overread anddouble-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446045] - scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446045] - rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39152239] [5.4.17-2136.356.4.1] - smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669] {CVE-2026-46243} [5.4.17-2136.356.4] - tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147] - tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147] - tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147] [5.4.17-2136.356.3] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333} - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300} [5.4.17-2136.356.2] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284} - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518} [5.4.17-2136.356.1] - arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096] - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662] - i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen)[Orabug: 39174662] - i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662] _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50374 http://linux.oracle.com/errata/ELSA-2026-50374.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.357.3.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.357.3.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.357.3.1.el8uek.src.rpm Related CVEs: CVE-2022-50073 CVE-2025-10263 CVE-2026-31504 CVE-2026-31657 CVE-2026-43037 CVE-2026-46331 CVE-2026-52943 CVE-2026-53359 Description of changes: [5.4.17-2136.357.3.1] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673892] - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673892] - KVM: x86/MMU: Recursively zap nested TDP SPs when zapping last/only parent (Ben Gardon) [Orabug: 39673892] - KVM: x86/mmu: Move flush logic from mmu_page_zap_pte() to FNAME(invlpg) (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673892] - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (Like Xu) [Orabug: 39673892] - KVM: MMU: load PDPTRs outside mmu_lock (Paolo Bonzini) [Orabug: 39673892] - KVM: x86/mmu: Check PDPTRs before allocating PAE roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (David Matlack) [Orabug: 39673892] - KVM: x86/mmu: Derive shadow MMU page role from parent (David Matlack) [Orabug: 39673892] - KVM: X86: Remove useless code to set role.gpte_is_8_bytes when role.direct (Lai Jiangshan) [Orabug: 39673892] - KVM: X86: Synchronize the shadowpagetable before link it (Lai Jiangshan) [Orabug: 39673892] - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (Lai Jiangshan) [Orabug: 39673892] - KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (David Matlack) [Orabug: 39673892] - KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673892] - kvm: mmu: Replace unsigned with unsigned int for PTE access (Ben Gardon) [Orabug: 39673892] - KVM: x86/mmu: Ensure MMU pages are available when allocating roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Allocate pae_root and lm_root pages in dedicated helper (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Allocate the lm_root before allocating PAE roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Capture 'mmu' in a local variable when allocating roots (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT with 64-bit (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Stash 'kvm' in a local variable in kvm_mmu_free_roots() (Sean Christopherson) [Orabug: 39673892] - KVM: x86/mmu: Add a helper to consolidate root sp allocation (Sean Christopherson) [Orabug: 39673892] - net/sched: act_pedit: fix action bind logic (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39680880] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39680880] {CVE-2026-46331} - net/sched: act_pedit: Parse L3 Header for L4 offset (Max Tottenham) [Orabug: 39680880] - net/sched: act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: remove extra check for key type (Pedro Tammela) [Orabug: 39680880] - net/sched: simplify tcf_pedit_act (Pedro Tammela) [Orabug: 39680880] - net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) [Orabug: 39680880] - net/sched: act_pedit: use NLA_POLICY for parsing 'ex' keys (Pedro Tammela) [Orabug: 39680880] [5.4.17-2136.357.3] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39619389] {CVE-2026-52943} [5.4.17-2136.357.2] - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250953] {CVE-2026-31504} - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers (Dan Williams) [Orabug: 39429802] - x86/kaslr: Reduce KASLR entropy on most x86 systems (Balbir Singh) [Orabug: 39429802] - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-> dev is null (Cezar Bulinaru) [Orabug: 39526882] {CVE-2022-50073} - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548666] {CVE-2025-10263} - arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548666] - ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39548666] - arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548666] - arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548666] - arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548666] - ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300926] {CVE-2026-43037} [5.4.17-2136.357.1] - batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262375] {CVE-2026-31657} - scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446045] - scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446045] - scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446045] - rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39152239] [5.4.17-2136.356.4.1] -smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669] {CVE-2026-46243} [5.4.17-2136.356.4] - tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147] - tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147] - tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147] [5.4.17-2136.356.3] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333} - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300} [5.4.17-2136.356.2] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284} - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518} [5.4.17-2136.356.1] - arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096] - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662] - i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662] - i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662] [5.4.17-2136.355.3] - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077} - crypto: af_alg - Fix page reassignmentoverflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078} - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687] - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033} - crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] - crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687,39452217] {CVE-2026-46028} - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431} - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431} - crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687] - crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687] _______________________________________________ El-errata mailing list
Update to 3.27.1 It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-78a12ffec8 2026-07-04 01:06:18.979228+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 43 Version : 3.27.1 Release : 1.fc43 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.27.1 It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2026 Ondrej Holy - 2:3.27.1-1 - Update to 3.27.1 (CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648, CVE-2026-55827) Resolves: rhbz#2488900 * Fri Jun 12 2026 Yaakov Selkowitz - 2:3.26.0-8 - Rebuilt for openssl 4.0 * Mon Jun 8 2026 František Zatloukal - 2:3.26.0-7 - Rebuilt for icu 78.3 * Thu Jun 4 2026 Ondrej Holy - 2:3.26.0-6 - Enable uriparser support on RHEL * Tue May 26 2026 Yaakov Selkowitz - 2:3.26.0-5 - Drop multilib-rpm-config usage on RHEL -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-78a12ffec8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More detailson the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical updates for FreeRDP address multiple exploits, ensuring Fedora 43 users are secured against potential threats.. Fedora security patch, FreeRDP update, remote desktop vulnerability, Fedora 43 security. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-21378 http://linux.oracle.com/errata/ELSA-2026-21378.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-140.12.0-1.0.1.el9_8.x86_64.rpm firefox-x11-140.12.0-1.0.1.el9_8.x86_64.rpm aarch64: firefox-140.12.0-1.0.1.el9_8.aarch64.rpm firefox-x11-140.12.0-1.0.1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/firefox-140.12.0-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-8388 CVE-2026-8391 CVE-2026-8401 CVE-2026-8946 CVE-2026-8947 CVE-2026-8950 CVE-2026-8953 CVE-2026-8954 CVE-2026-8955 CVE-2026-8956 CVE-2026-8957 CVE-2026-8958 CVE-2026-8961 CVE-2026-8962 CVE-2026-8968 CVE-2026-8970 CVE-2026-8974 CVE-2026-8975 Description of changes: [140.12.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [140.12.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [140.12.0-1] - Update to 140.12.0 ESR [140.11.0-1] - Update to 140.11.0 ESR [140.10.2-1] - Update to 140.10.2 ESR [140.10.1-1] - Update to 140.10.1 ESR _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19370 http://linux.oracle.com/errata/ELSA-2026-19370.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-140.12.0-1.0.1.el9_8.x86_64.rpm firefox-x11-140.12.0-1.0.1.el9_8.x86_64.rpm aarch64: firefox-140.12.0-1.0.1.el9_8.aarch64.rpm firefox-x11-140.12.0-1.0.1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/firefox-140.12.0-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 Description of changes: [140.12.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [140.12.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [140.12.0-1] - Update to 140.12.0 ESR [140.11.0-1] - Update to 140.11.0 ESR [140.10.2-1] - Update to 140.10.2 ESR [140.10.1-1] - Update to 140.10.1 ESR _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-29844 http://linux.oracle.com/errata/ELSA-2026-29844.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.15.0-7.el9_8.2.x86_64.rpm tigervnc-icons-1.15.0-7.el9_8.2.noarch.rpm tigervnc-license-1.15.0-7.el9_8.2.noarch.rpm tigervnc-selinux-1.15.0-7.el9_8.2.noarch.rpm tigervnc-server-1.15.0-7.el9_8.2.x86_64.rpm tigervnc-server-minimal-1.15.0-7.el9_8.2.x86_64.rpm tigervnc-server-module-1.15.0-7.el9_8.2.x86_64.rpm aarch64: tigervnc-1.15.0-7.el9_8.2.aarch64.rpm tigervnc-icons-1.15.0-7.el9_8.2.noarch.rpm tigervnc-license-1.15.0-7.el9_8.2.noarch.rpm tigervnc-selinux-1.15.0-7.el9_8.2.noarch.rpm tigervnc-server-1.15.0-7.el9_8.2.aarch64.rpm tigervnc-server-minimal-1.15.0-7.el9_8.2.aarch64.rpm tigervnc-server-module-1.15.0-7.el9_8.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/tigervnc-1.15.0-7.el9_8.2.src.rpm Related CVEs: CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264 Description of changes: [1.15.0-7.2] - Rebuild for updated xorg-x11-server Resolves: RHEL-184003 _______________________________________________ El-errata mailing list
Several security issues were fixed in MySQL.. ========================================================================== Ubuntu Security Notice USN-8457-1 June 22, 2026 mysql-8.0, mysql-8.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in MySQL. Software Description: - mysql-8.4: MySQL database - mysql-8.0: MySQL database Details: It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote attacker could possibly use this issue to cause MySQL Router to crash, resulting in a denial of service. (CVE-2026-46862) It was discovered that MySQL Server incorrectly handled connection authentication. An unauthenticated remote attacker could possibly use this issue to cause MySQL to crash, resulting in a denial of service. (CVE-2026-46863) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS mysql-server 8.4.10-0ubuntu0.26.04.1 Ubuntu 25.10 mysql-server 8.4.10-0ubuntu0.25.10.1 Ubuntu 24.04 LTS mysql-server-8.0 8.0.46-0ubuntu0.24.04.3 Ubuntu 22.04 LTS mysql-server-8.0 8.0.46-0ubuntu0.22.04.3 This update may use a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8457-1 CVE-2026-46862, CVE-2026-46863 Package Information: https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.10-0ubuntu0.26.04.1 https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.10-0ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.46-0ubuntu0.24.04.3 https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.46-0ubuntu0.22.04.3 . Significant updatesfor MySQL on Ubuntu resolve critical issues. Threats include remote crash vulnerabilities. Secure now!. Ubuntu MySQL update critical threats denial of service. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for google-guest-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20761-1 Rating: important References: * bsc#1260264 Cross-References: * CVE-2026-33186 CVSS scores: * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for google-guest-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260264). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-757=1 Package List: - openSUSE Leap 16.0: google-guest-agent-20250506.01-160000.2.1 References: * https://www.suse.com/security/cve/CVE-2026-33186.html . Important update for openSUSE fixing authorization bypass in google-guest-agent with CVE-2026-33186. Patch recommended.. openSUSE security update, google-guest-agent patch, important vulnerabilities, authorization bypass issue. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.