Explore top 10 tips to secure your open-source projects now. Read More
×
Update to version 3.10.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-45190a3b6b 2026-06-17 08:24:34.389254+00:00 -------------------------------------------------------------------------------- Name : ack Product : Fedora 43 Version : 3.10.0 Release : 1.fc43 URL : http://beyondgrep.com/ Summary : A Grep-like source code search tool Description : Ack is a grep-like search tool designed for use with large heterogeneous trees of source code. It searchs recursively and ignores common version control directories. -------------------------------------------------------------------------------- Update Information: Update to version 3.10.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Bill Pemberton - 3.10.0-1 - Update to version 3.10.0 * Fri Jan 16 2026 Fedora Release Engineering - 3.9.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 3.9.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486102 - ack-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486102 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-45190a3b6b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
libre v4.8.1 (2026-05-28) fmt/pl: add pl_strip_html() sys/fs: add getpwuid fallback for fs_gethome tls: remove unused include rsa.h ice: check source address of incoming application packets. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-837d6ef455 2026-06-05 04:25:00.359060+00:00 -------------------------------------------------------------------------------- Name : libre Product : Fedora 44 Version : 4.8.1 Release : 1.fc44 URL : https://github.com/baresip/re Summary : Generic library for real-time communications Description : Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack (RFC 3261), SDP, RTP and RTCP, SRTP and SRTCP (Secure RTP), DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O (poll, epoll, select, kqueue), UDP/TCP/TLS/DTLS transport, JSON parser and Real Time Messaging Protocol (RTMP). -------------------------------------------------------------------------------- Update Information: libre v4.8.1 (2026-05-28) fmt/pl: add pl_strip_html() sys/fs: add getpwuid fallback for fs_gethome tls: remove unused include rsa.h ice: check source address of incoming application packets websock: Fix integer overflow in websock_decode() masked frame check https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h https://github.com/baresip/baresip/issues/3705 -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Robert Scheck 4.8.1-1 - Upgrade to 4.8.1 (#2482756) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2482756 - libre-4.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482756 -------------------------------------------------------------------------------- This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2026-837d6ef455' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-16875 http://linux.oracle.com/errata/ELSA-2026-16875.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: git-lfs-3.4.1-10.el8_10.x86_64.rpm aarch64: git-lfs-3.4.1-10.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/git-lfs-3.4.1-10.el8_10.src.rpm Related CVEs: CVE-2026-25679 CVE-2026-32280 CVE-2026-32282 CVE-2026-32283 Description of changes: [3.4.1-10] - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 [3.4.1-9] - Rebuild with new Golang - Resolves: RHEL-156637 _______________________________________________ El-errata mailing list
Several security issues were fixed in libsoup.. ========================================================================== Ubuntu Security Notice USN-8020-1 February 08, 2026 libsoup3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libsoup. Software Description: - libsoup3: HTTP client/server library for GNOME Details: It was discovered that libsoup did not correctly handle certain URL-decoded input, which could allow for HTTP header injection. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-1467, CVE-2026-1536) It was discovered that libsoup did not correctly handle removal of the Proxy-Authorization header. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2026-1539) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 gir1.2-soup-3.0 3.6.5-4ubuntu0.2 libsoup-3.0-0 3.6.5-4ubuntu0.2 libsoup-3.0-common 3.6.5-4ubuntu0.2 libsoup-3.0-dev 3.6.5-4ubuntu0.2 libsoup-3.0-doc 3.6.5-4ubuntu0.2 libsoup-3.0-tests 3.6.5-4ubuntu0.2 Ubuntu 24.04 LTS gir1.2-soup-3.0 3.4.4-5ubuntu0.7 libsoup-3.0-0 3.4.4-5ubuntu0.7 libsoup-3.0-common 3.4.4-5ubuntu0.7 libsoup-3.0-dev 3.4.4-5ubuntu0.7 libsoup-3.0-doc 3.4.4-5ubuntu0.7 libsoup-3.0-tests 3.4.4-5ubuntu0.7 Ubuntu 22.04 LTS gir1.2-soup-3.0 3.0.7-0ubuntu1+esm7 Available with Ubuntu Pro libsoup-3.0-0 3.0.7-0ubuntu1+esm7 Available with Ubuntu Pro libsoup-3.0-common 3.0.7-0ubuntu1+esm7 Available with Ubuntu Pro libsoup-3.0-dev 3.0.7-0ubuntu1+esm7 Available with Ubuntu Pro libsoup-3.0-doc 3.0.7-0ubuntu1+esm7 Available with Ubuntu Pro libsoup-3.0-tests 3.0.7-0ubuntu1+esm7 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8020-1 CVE-2026-1467, CVE-2026-1536, CVE-2026-1539 Package Information: https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.7 . Learn about fixed security issues in libsoup for Ubuntu 22.04 LTS, 24.04 LTS, 25.10 with update instructions.. libsoup3 security, Ubuntu software vulnerabilities, HTTP library risk. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # kubernetes1.30-apiserver-1.30.14-1.1 on GA media Announcement ID: openSUSE-SU-2025:15234-1 Rating: moderate Cross-References: * CVE-2025-22872 CVSS scores: * CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the kubernetes1.30-apiserver-1.30.14-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * kubernetes1.30-apiserver 1.30.14-1.1 * kubernetes1.30-client 1.30.14-1.1 * kubernetes1.30-client-bash-completion 1.30.14-1.1 * kubernetes1.30-client-common 1.30.14-1.1 * kubernetes1.30-client-fish-completion 1.30.14-1.1 * kubernetes1.30-controller-manager 1.30.14-1.1 * kubernetes1.30-kubeadm 1.30.14-1.1 * kubernetes1.30-kubelet 1.30.14-1.1 * kubernetes1.30-kubelet-common 1.30.14-1.1 * kubernetes1.30-proxy 1.30.14-1.1 * kubernetes1.30-scheduler 1.30.14-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-22872.html . openSUSE has released a security notice regarding weaknesses in the Kubernetes apiserver, encouraging users to promptly implement necessary updates.. openSUSE updates,kubernetes apiserver security,moderate security advisory. . LinuxSecurity.com Team
Several security issues were fixed in ClamAV.. ========================================================================== Ubuntu Security Notice USN-7615-1 July 02, 2025 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: It was discovered that ClamAV incorrectly handled scanning UDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2025-20234) It was discovered that ClamAV incorrectly handled scanning PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-20260) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 clamav 1.4.3+dfsg-0ubuntu0.25.04.1 Ubuntu 24.10 clamav 1.4.3+dfsg-0ubuntu0.24.10.1 Ubuntu 24.04 LTS clamav 1.4.3+dfsg-0ubuntu0.24.04.1 Ubuntu 22.04 LTS clamav 1.4.3+dfsg-0ubuntu0.22.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7615-1 CVE-2025-20234, CVE-2025-20260 Package Information: https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.24.10.1 https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.22.04.1 . Several security patches for ClamAV in Ubuntu mitigate denial of service vulnerabilities andgreatly enhance overall system security.. Ubuntu clamav security update, ClamAV denial of service, Ubuntu security notice, ClamAV vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-11-openjdk security update Advisory ID: RHSA-2023:1878-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1878 Issue date: 2023-04-19 CVE Names: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULLcharacters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474) 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191) 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310) 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832) 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622) 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) 6. Package List: Red Hat Enterprise Linux AppStream E4S (v.8.1): Source: java-11-openjdk-11.0.19.0.7-1.el8_1.src.rpm aarch64: java-11-openjdk-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-debugsource-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-demo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-devel-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-headless-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-javadoc-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-jmods-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.aarch64.rpm java-11-openjdk-src-11.0.19.0.7-1.el8_1.aarch64.rpm ppc64le: java-11-openjdk-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-debugsource-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-demo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-devel-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-headless-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-javadoc-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-jmods-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm java-11-openjdk-src-11.0.19.0.7-1.el8_1.ppc64le.rpm s390x: java-11-openjdk-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-debugsource-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-demo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-devel-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-headless-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-javadoc-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-jmods-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.s390x.rpm java-11-openjdk-src-11.0.19.0.7-1.el8_1.s390x.rpm x86_64: java-11-openjdk-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-debugsource-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-demo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-devel-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-headless-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-javadoc-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-jmods-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm java-11-openjdk-src-11.0.19.0.7-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2023-21930 https://access.redhat.com/security/cve/CVE-2023-21937 https://access.redhat.com/security/cve/CVE-2023-21938 https://access.redhat.com/security/cve/CVE-2023-21939 https://access.redhat.com/security/cve/CVE-2023-21954 https://access.redhat.com/security/cve/CVE-2023-21967 https://access.redhat.com/security/cve/CVE-2023-21968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZEgrvdzjgjWX9erEAQiIyA//WTqrd0YBgTw85wx3moh9whCGNb7oQ1F4 +4T3HBjtZnho0FSlMe/NkscNj+AjyPTROYww0cOgAuOfL2CeSW/sWDFVVT5LM4Iy LOu9J95l9T170OiDzX3fcOFGN71qIiUAkj7sve8MimmKNDWEjDKNvVG0o/oHE9tf pI99A3znmOVBMD7XOLwfFm6oWTlsf41y6PCkilMO+sRhd/5VQ5fOblu5LYSUNbZF wpwGtFCSs0DgHfyVbI+Gaf5MyMHQqC5wKZ2sSvNYLcw2dELicFTwtzqCyLud7hrv R36cNs9IrRo73or0FvWi5L2qLUGZ3pjxoWfORcfx6yzcwei5ao/sY2eoR7zIMVz5 DYiTQejLhRodM7Z5iVng5PLlQ8ZYW7FsPhStkBOLM2LM/oQzXtt1quUqmiDb8BXL ZMBaYBHV3ZW04TnOwwUJqyBheJwTY2wxRTSaSilLcyenQHHiTRxNyMK8TWInNbN6 N9AA49r+LOYDdBe4sagTi8Y5W3n/HBGdylvo1hjIHbELAzwe61M3mL251xdAX+4/ xU6E7gmUbHwHKPZ2DyFvZphSp8Hfzni5VXZ+wgX9HkGMKi01WfphKV5kx5O3x1Eo eoUvQwnt6hrvAOvsinHOpWEoYZluj1SU4c8cXesCoDE6MAu6qGLd+/ebMuWnvTvT lw1gy0GZRjA=d9/O -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.