Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 165 articles for you...
202

openSUSE Tumbleweed Tomcat11 Moderate Security Issue Advisory 2026-11195-1

An update that solves 6 vulnerabilities can now be installed.. # tomcat11-11.0.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:11195-1 Rating: moderate Cross-References: * CVE-2026-50229 * CVE-2026-53404 * CVE-2026-53434 * CVE-2026-55276 * CVE-2026-55955 * CVE-2026-55956 CVSS scores: * CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 6 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the tomcat11-11.0.23-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * tomcat11 11.0.23-1.1 * tomcat11-admin-webapps 11.0.23-1.1 * tomcat11-doc 11.0.23-1.1 * tomcat11-docs-webapp 11.0.23-1.1 * tomcat11-el-6_0-api 11.0.23-1.1 * tomcat11-embed 11.0.23-1.1 * tomcat11-jsp-4_0-api 11.0.23-1.1 * tomcat11-jsvc 11.0.23-1.1 * tomcat11-lib 11.0.23-1.1 * tomcat11-servlet-6_1-api 11.0.23-1.1 * tomcat11-webapps 11.0.23-1.1 ##References: * https://www.suse.com/security/cve/CVE-2026-50229.html * https://www.suse.com/security/cve/CVE-2026-53404.html * https://www.suse.com/security/cve/CVE-2026-53434.html * https://www.suse.com/security/cve/CVE-2026-55276.html * https://www.suse.com/security/cve/CVE-2026-55955.html * https://www.suse.com/security/cve/CVE-2026-55956.html . This update for openSUSE resolves several security issues in the tomcat11 package, enhancing system protection.. openSUSE security update, tomcat11 vulnerabilities, Linux application security. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 moderate OpenSUSE
100

SUSE perl-libwww-perl Moderate Authorization Issue Fix 2026-22353-1

An update that solves one vulnerability can now be installed.. # Security update for perl-libwww-perl Announcement ID: SUSE-SU-2026:22353-1 Release Date: 2026-06-24T19:41:53Z Rating: moderate References: * bsc#1265156 Cross-References: * CVE-2026-8368 CVSS scores: * CVE-2026-8368 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-8368 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for perl-libwww-perl fixes the following issue * CVE-2026-8368: authorization and proxy-authorization headers are leaked on cross-origin redirects (bsc#1265156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1058=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1058=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * perl-libwww-perl-6.770.0-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * perl-libwww-perl-6.770.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-8368.html * https://bugzilla.suse.com/show_bug.cgi?id=1265156 . A security update for SUSE addresses authorization issues in perl-libwww-perl, recommended for immediate installation.. SUSE update, perl-libwww-perl, security fix. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 moderate SuSE
89

Fedora 43 introduces vital security fix for XSS flaws in python-postorius

Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c2b475c5f1 2026-06-27 00:54:50.049673+00:00 -------------------------------------------------------------------------------- Name : python-postorius Product : Fedora 43 Version : 1.3.13 Release : 1.fc43 URL : https://gitlab.com/mailman/postorius Summary : Web UI for GNU Mailman Description : The Postorius Django app provides a web user interface to access GNU Mailman. -------------------------------------------------------------------------------- Update Information: Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross- side scripting via unescaped HTML -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2026 Michel Lind - 1.3.13-1 - Backport unreleased fix for CVE-2026-44742 - With 1.3.13 we no longer need to exclude example_project * Tue Jun 16 2026 Python Maint - 1.3.12-8 - Rebuilt for Python 3.15 * Sat Jan 17 2026 Fedora Release Engineering - 1.3.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476457 - CVE-2026-44742 python-postorius: Postorius: Cross-Site Scripting via unescaped HTML in message subject [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476457 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c2b475c5f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Python-postorius in Fedora 43 has a fix for cross-site scripting risks; upgrade recommended to ensure security.. Fedora Python Postorius Cross-Site Scripting Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Fedora
89

Fedora 44 vaultwarden-web Update 2026.4.1 Addresses Critical Access Issues

update to 2026.4.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-111cf6d28f 2026-06-12 00:58:37.608012+00:00 -------------------------------------------------------------------------------- Name : vaultwarden-web Product : Fedora 44 Version : 2026.4.1 Release : 1.fc44 URL : https://github.com/dani-garcia/bw_web_builds Summary : Web vault for vaultwarden Description : Web vault for vaultwarden. -------------------------------------------------------------------------------- Update Information: update to 2026.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Jonathan Wright - 2026.4.1-1 - update to 2026.4.1 rhbz#2387335 - Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control - Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion - Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update - Fixes CVE-2026-27898 Information disclosure via API partial update -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-111cf6d28f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates to Fedora 44 vaultwarden-web enhance security and accessibility with crucial fixes and improvements.. Fedora 44 updates, vaultwarden-web security, unauthorized access fixes, data exposure vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 11, 2026 Important Fedora
172

Ubuntu 26.04 LTS libtemplate-perl Critical HTML Injection Vuln 8377-1

Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output.. ========================================================================== Ubuntu Security Notice USN-8377-1 June 03, 2026 libtemplate-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output. Software Description: - libtemplate-perl: template processing system in Perl Details: It was discovered that Template-Toolkit did not properly escape single quotes in the html_filter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libtemplate-perl 3.102-1ubuntu0.1 Ubuntu 25.10 libtemplate-perl 2.27-1ubuntu0.25.10.1 Ubuntu 24.04 LTS libtemplate-perl 2.27-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libtemplate-perl 2.27-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8377-1 CVE-2026-5090 Package Information: https://launchpad.net/ubuntu/+source/libtemplate-perl/3.102-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.22.04.1 . Template-Toolkit in Ubuntu can allow arbitrary HTML and JavaScript injection, potentially compromising system integrity.. Ubuntu libtemplate-perl security fixed issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Critical Ubuntu
89

Fedora 43 lemonldap-ng Update 2026-38914f4e04 SSO Access Management

Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-38914f4e04 2026-04-30 01:19:30.574299+00:00 -------------------------------------------------------------------------------- Name : lemonldap-ng Product : Fedora 43 Version : 2.22.3 Release : 1.fc43 URL : https://lemonldap-ng.org Summary : Web Single Sign On (SSO) and Access Management Description : LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as described below. -------------------------------------------------------------------------------- Update Information: Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/ -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 20 2026 Clement Oudot - 2.22.3-1 - Update to 2.22.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2459684 - lemonldap-ng-2.22.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2459684 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-38914f4e04' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . LemonLDAP-NG 2.22.3 released for Fedora 43, offering enhanced web SSO and access management.. lemonldap-ng update access management Fedora. . Severity: Informational. LinuxSecurity.com Team

Calendar%202 Apr 30, 2026 Informational Fedora
100

SUSE Nodejs20 Important Issues Update 2026-1371-1 CVE-2026-21637

An update that solves seven vulnerabilities can now be installed.. # Security update for nodejs20 Announcement ID: SUSE-SU-2026:1371-1 Release Date: 2026-04-15T14:46:55Z Rating: important References: * bsc#1256576 * bsc#1260455 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nodejs20 fixes the following issues: Update to version 20.20.2. * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). * CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct`(bsc#1260455). * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1371=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * corepack20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * openSUSE Leap 15.5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 *npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * nodejs20-debuginfo-20.20.2-150500.11.27.1 * nodejs20-devel-20.20.2-150500.11.27.1 * nodejs20-debugsource-20.20.2-150500.11.27.1 * npm20-20.20.2-150500.11.27.1 * nodejs20-20.20.2-150500.11.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * nodejs20-docs-20.20.2-150500.11.27.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 . This update for SUSE nodejs20 addresses seven important issues to enhance security and performance. Install recommended patches.. Nodejs20, SUSE, security audit, system updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 15, 2026 Important SuSE
87

Debian Bookworm Shaarli Important Cross-Site Scripting Fix DSA-6128-1

Moritz Woermann discovered that missing input sanitising in Shaarli, a personal bookmarking service, could result in cross-site scripting. For the oldstable distribution (bookworm), this problem has been fixed in version 0.12.1+dfsg-8+deb12u2. For the stable distribution (trixie), this problem has been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6128-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : shaarli CVE ID : CVE-2026-24476 Moritz Woermann discovered that missing input sanitising in Shaarli, a personal bookmarking service, could result in cross-site scripting. For the oldstable distribution (bookworm), this problem has been fixed in version 0.12.1+dfsg-8+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 0.14.0+dfsg-2+deb13u1. We recommend that you upgrade your shaarli packages. For the detailed security status of shaarli please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/shaarli Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Missing input sanitizing in Shaarli leads to cross-site scripting risk in Debian distributions. Upgrade recommended.. Debian security advisory, Shaarli update, cross-site scripting, web application security, Debian DSA. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 09, 2026 Important Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200