Explore top 10 tips to secure your open-source projects now. Read More
×
Multiple security vulnerabilities were discovered in the SOGo groupware server, which could result in cross-site scripting or SQL injection. For the stable distribution (trixie), these problems have been fixed in version 5.12.1-3+deb13u2. We recommend that you upgrade your sogo packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6366-1
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26181 http://linux.oracle.com/errata/ELSA-2026-26181.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-contrib-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-docs-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-plperl-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-plpython3-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-pltcl-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-private-devel-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-private-libs-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-server-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-server-devel-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-static-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-test-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-test-rpm-macros-15.18-1.module+el8.10.0+90918+5e9abb9f.noarch.rpm postgresql-upgrade-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm postgresql-upgrade-devel-15.18-1.module+el8.10.0+90918+5e9abb9f.x86_64.rpm aarch64: pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-contrib-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-docs-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-plperl-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-plpython3-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-pltcl-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-private-devel-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-private-libs-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-server-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-server-devel-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-static-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-test-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-test-rpm-macros-15.18-1.module+el8.10.0+90918+5e9abb9f.noarch.rpm postgresql-upgrade-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm postgresql-upgrade-devel-15.18-1.module+el8.10.0+90918+5e9abb9f.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgresql-15.18-1.module+el8.10.0+90918+5e9abb9f.src.rpm Related CVEs: CVE-2026-6473 CVE-2026-6478 Description of changes: pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 [1.5.0-1] - Update to version 1.5.0 Related: #1855776 [1.4.0-4] - Bump release for rebuild against libpq-12.1-3 [1.4.0-3] - BuildRequires libpq-devel [1.4.0-2] - BuildRequires postgresql-server-devel [1.4.0-1] - Update to 1.4.0 [1.3.1-1] - Update to 1.3.1 and apply patch for pgsql v12 compatibility [1.2.0-4] - SCLize the SPEC [1.2.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild pg_repack [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.4.6-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1.4.6-2] - Build jit based on what postgresql server does Related: #1933048 [1.4.6-1] - Rebase to upstream release 1.4.6 [1.4.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [1.4.5-2] - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.4.5-1] - Initial packaging postgres-decoderbufs [1.9.7-1.Final] - Iitial import for postgresql 15 stream - Related: #2128241 [1.4.0-4.Final] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.4.0-3.Final] - Build jit based on what postgresql server does Related: #1933048 [1.4.0-2.Final] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [1.4.0-1.Final] - Update to new release 1.4.0 [1.1.0-0.6.Final] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [1.1.0-0.5.Final] - Rebuilt for protobuf 3.14 [1.1.0-0.4.Final] - Rebuilt for protobuf 3.13 [1.1.0-0.3.Final] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.1.0-0.2.Final] - Rebuilt for protobuf 3.12 postgresql [15.18-1] - Update to 15.18 - Fix CVE-2026-6478 - Resolves: RHEL-179797 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26709 http://linux.oracle.com/errata/ELSA-2026-26709.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: xorg-x11-server-Xdmx-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-Xephyr-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-Xnest-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-Xorg-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-Xvfb-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-common-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-devel-1.20.11-28.el8_10.2.i686.rpm xorg-x11-server-devel-1.20.11-28.el8_10.2.x86_64.rpm xorg-x11-server-source-1.20.11-28.el8_10.2.noarch.rpm aarch64: xorg-x11-server-Xdmx-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-Xephyr-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-Xnest-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-Xorg-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-Xvfb-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-common-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-devel-1.20.11-28.el8_10.2.aarch64.rpm xorg-x11-server-source-1.20.11-28.el8_10.2.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/xorg-x11-server-1.20.11-28.el8_10.2.src.rpm Related CVEs: CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264 Description of changes: [1.20.11-28.2] - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184289 [1.20.11-28.1] - CVE fix for: CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263, CVE-2026-50264 Resolves: https://redhat.atlassian.net/browse/RHEL-182442 _______________________________________________ El-errata mailing list
New upstream release (151.0.3). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d1aae27e8b 2026-06-06 01:02:02.289338+00:00 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 44 Version : 151.0.3 Release : 1.fc44 URL : https://www.mozilla.org/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: New upstream release (151.0.3) -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Martin Stransky - 151.0.3-1 - Update to latest upstream (151.0.3) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d1aae27e8b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
A vulnerability has been discovered in the Exim mail transport agent, which may result in remote code execution. For Debian 11 bullseye, this problem has been fixed in version 4.94.2-7+deb11u5. We recommend that you upgrade your exim4 packages.. Debian LTS Advisory DLA-4580-1
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for hauler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20662-1 Rating: moderate References: * bsc#1258614 Cross-References: * CVE-2026-24122 CVSS scores: * CVE-2026-24122 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24122 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 (bsc#1258614, CVE-2026-24122): * Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the go_modules group across 1 directory * fix for new helm chart features * Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 in the go_modules group across 1 directory * Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 in the go_modules group across 1 directory * Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 in the go_modules group across 1 directory * update cosign fork to 3.0.4 plus dep tidy * fix: Fix file:// dependency chart path resolution * update github.com/olekukonko/tablewriter to v1.1.2 * keep registry on image rewrite if not specified * Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 in the go_modules group across 1 directory * fix: handling of file referenced dependencies without repository field * Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 in the go_modules group across 1 directory * dev.md file * smaller changes and updates for v1.4.2 release Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_updateor "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-228=1 Package List: - openSUSE Leap 16.0: hauler-1.4.2-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2026-24122.html . Fix for a moderate issue in openSUSE hauler with CVE-2026-24122. Includes steps for installation and update.. openSUSE security, hauler update, CVE-2026-24122, patch instructions. . LinuxSecurity.com Team
Update NSS to 3.122.1 Update to Firefox 150.0 New upstream release (149.0.2). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fb08ad61f2 2026-04-24 05:55:55.878917+00:00 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 44 Version : 150.0 Release : 1.fc44 URL : https://www.mozilla.org/firefox/ Summary : Mozilla Firefox Web browser Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: Update NSS to 3.122.1 Update to Firefox 150.0 New upstream release (149.0.2) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2026 Martin Stransky - 150.0-1 - Update to latest upstream (150.0) * Wed Apr 8 2026 Martin Stransky - 149.0.2-1 - Update to latest upstream (149.0.2) * Tue Apr 7 2026 - 149.0-6 - Fixed rhbz#2449217 - Firefox launch script does not use XDG_CONFIG_HOME for extensions. * Tue Apr 7 2026 Martin Stransky - 149.0-5 - Add fix for mzbz#2026403 - some popups still blurry with fractional scaling in GNOME -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460531 - Firefox 150 fixes 271 unspecified security issues (F44 blocker consideration) https://bugzilla.redhat.com/show_bug.cgi?id=2460531 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fb08ad61f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that can now be installed.. # Security update for rekor Announcement ID: SUSE-SU-2026:1488-1 Release Date: 2026-04-20T15:54:29Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for rekor rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1488=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1488=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1488=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1488=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1488=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1488=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * openSUSE Leap 15.4(aarch64 ppc64le s390x x86_64 i586) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 . Important update for rekor on openSUSE Leap 15.4 addresses current security flaws with easy installation instructions.. openSUSE update, rekor patch, important security advisory, SUSE Linux patch, Linux vulnerability alert. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.